Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-06-02 16:52:41 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
2026-06-02 16:52:41 +00:00
18 changed files with 41 additions and 313 deletions
@@ -25,7 +25,6 @@ ArgoCD homelab project
 | **longhorn** | [![longhorn](https://ag.hexor.cy/api/badge?name=longhorn&revision=true)](https://ag.hexor.cy/applications/argocd/longhorn) |
 | **postgresql** | [![postgresql](https://ag.hexor.cy/api/badge?name=postgresql&revision=true)](https://ag.hexor.cy/applications/argocd/postgresql) |
 | **prom-stack** | [![prom-stack](https://ag.hexor.cy/api/badge?name=prom-stack&revision=true)](https://ag.hexor.cy/applications/argocd/prom-stack) |
 | **reloader** | [![reloader](https://ag.hexor.cy/api/badge?name=reloader&revision=true)](https://ag.hexor.cy/applications/argocd/reloader) |
 | **system-upgrade** | [![system-upgrade](https://ag.hexor.cy/api/badge?name=system-upgrade&revision=true)](https://ag.hexor.cy/applications/argocd/system-upgrade) |
 ### Games
@@ -1,20 +0,0 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: llamacpp
  namespace: argocd
 spec:
  project: apps
  destination:
    namespace: llamacpp
    server: https://kubernetes.default.svc
  source:
    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
    targetRevision: HEAD
    path: k8s/apps/llamacpp
  syncPolicy:
    automated:
      selfHeal: true
      prune: true
    syncOptions:
      - CreateNamespace=true
@@ -1,12 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: llamacpp-config
 data:
  LLAMA_CACHE: /models
  LLAMA_ARG_HOST: 0.0.0.0
  LLAMA_ARG_PORT: "8080"
  LLAMA_ARG_HF_REPO: "unsloth/Qwen3.6-35B-A3B-MTP-GGUF:UD-Q6_K"
  LLAMA_ARG_CTX_SIZE: "32768"
  LLAMA_ARG_FLASH_ATTN: auto
  LLAMA_ARG_FIT: "on"
@@ -1,71 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: llamacpp
  annotations:
    reloader.stakater.com/auto: "true"
  labels:
    app: llamacpp
 spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: llamacpp
  template:
    metadata:
      labels:
        app: llamacpp
    spec:
      dnsPolicy: Default
      nodeSelector:
        kubernetes.io/hostname: ai.tail2fe2d.ts.net
      tolerations:
        - key: workload
          operator: Equal
          value: ai
          effect: NoSchedule
      containers:
        - name: llamacpp
          image: ghcr.io/ggml-org/llama.cpp:server-rocm-b9501 
          imagePullPolicy: IfNotPresent
          envFrom:
            - configMapRef:
                name: llamacpp-config
          env:
            - name: HF_TOKEN
              valueFrom:
                secretKeyRef:
                  name: llamacpp-hf-token
                  key: token
                  optional: true
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          resources:
            limits:
              amd.com/gpu: 1
          startupProbe:
            httpGet:
              path: /health
              port: http
            failureThreshold: 180
            periodSeconds: 10
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              path: /health
              port: http
            failureThreshold: 3
            periodSeconds: 10
            timeoutSeconds: 5
          volumeMounts:
            - name: models
              mountPath: /models
      volumes:
        - name: models
          hostPath:
            path: /k8s/llamacpp/models
            type: DirectoryOrCreate
@@ -1,8 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - app.yaml
  - configmap.yaml
  - deployment.yaml
  - service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: llamacpp
  labels:
    app: llamacpp
 spec:
  type: ClusterIP
  selector:
    app: llamacpp
  ports:
    - name: http
      port: 8080
      targetPort: http
      protocol: TCP
@@ -22,7 +22,7 @@ spec:
  entryPoints:
    - websecure
  routes:
-    - match: Host(`proxy.hexor.cy`)
+    - match: Host(`secret-reader.hexor.cy`)
      kind: Rule
      middlewares:
        - name: auth-proxy
@@ -30,16 +30,16 @@ spec:
        - name: secret-reader
          port: 80
  tls:
-    secretName: proxy-tls
+    secretName: secret-reader-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: proxy-tls
+  name: secret-reader-tls
 spec:
-  secretName: proxy-tls
+  secretName: secret-reader-tls
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
  dnsNames:
-    - proxy.hexor.cy
+    - secret-reader.hexor.cy
@@ -9,14 +9,14 @@ resources:
 helmCharts:
  - name: ollama
    repo: https://otwld.github.io/ollama-helm/
-    version: 1.58.0
+    version: 1.49.0
    releaseName: ollama
    namespace: ollama
    valuesFile: ollama-values.yaml
    includeCRDs: true
  - name: open-webui
    repo: https://helm.openwebui.com/
-    version: 14.8.0
+    version: 12.10.0
    releaseName: openweb-ui
    namespace: ollama
    valuesFile: openweb-ui-values.yaml
@@ -2,8 +2,8 @@ clusterDomain: cluster.local
 extraEnvVars:
  GLOBAL_LOG_LEVEL: debug
-  OAUTH_PROVIDER_NAME: keycloak
+  OAUTH_PROVIDER_NAME: authentik
-  OPENID_PROVIDER_URL: https://auth.hexor.cy/auth/realms/hexor/.well-known/openid-configuration
+  OPENID_PROVIDER_URL: https://idm.hexor.cy/application/o/openwebui/.well-known/openid-configuration
  OPENID_REDIRECT_URI: https://ai.hexor.cy/oauth/oidc/callback
  WEBUI_URL: https://ai.hexor.cy
  # Allows auto-creation of new users using OAuth. Must be paired with ENABLE_LOGIN_FORM=false.
@@ -31,7 +31,7 @@ ollama:
        - qwen3-vl:8b
 pipelines:
-  enabled: false
+  enabled: true
  nodeSelector:
    kubernetes.io/hostname: master.tail2fe2d.ts.net
@@ -236,52 +236,29 @@ data:
    cd /app
-    write_xray_api_port() {
+    # Start main process in background
-      API_PORT="$1"
+    ./main &
-      case "$API_PORT" in
+    MAIN_PID=$!
        ""|*[!0-9]*)
          return
          ;;
      esac
-      CURRENT_PORT=""
+    # Start continuous port monitoring in background
-      if [ -f /shared/xray-api-port ]; then
+    {
-        CURRENT_PORT=$(cat /shared/xray-api-port)
+      sleep 10  # Wait for xray to start initially
-      fi
+      LAST_PORT=""
-      if [ "$API_PORT" != "$CURRENT_PORT" ]; then
+      while true; do
        API_PORT=$(netstat -tlpn | grep xray | grep 127.0.0.1 | awk '{print $4}' | cut -d: -f2 | head -1)
        if [ -n "$API_PORT" ] && [ "$API_PORT" != "$LAST_PORT" ]; then
          echo "Found xray API port: $API_PORT"
          echo -n "$API_PORT" > /shared/xray-api-port
          LAST_PORT="$API_PORT"
        fi
-    }
+        sleep 5  # Check every 5 seconds
    LOG_PIPE="/tmp/pasarguard-main.log"
    rm -f "$LOG_PIPE"
    mkfifo "$LOG_PIPE"
    # Capture main logs so the Xray API listener is not confused with Xray's metrics listener.
    {
      while IFS= read -r line; do
        echo "$line"
        case "$line" in
          *"transport/internet/tcp: listening TCP on 127.0.0.1:"*)
            API_PORT=$(echo "$line" | sed -n 's/.*listening TCP on 127\.0\.0\.1:\([0-9][0-9]*\).*/\1/p')
            write_xray_api_port "$API_PORT"
            ;;
        esac
      done
-    } < "$LOG_PIPE" &
+    } &
-    LOG_READER_PID=$!
+    PORT_MONITOR_PID=$!
    # Start main process in background
    ./main > "$LOG_PIPE" 2>&1 &
    MAIN_PID=$!
    # Wait for main process to finish
    wait $MAIN_PID
    MAIN_STATUS=$?
-    # Clean up log reader
+    # Clean up port monitor
-    wait $LOG_READER_PID 2>/dev/null
+    kill $PORT_MONITOR_PID 2>/dev/null
    rm -f "$LOG_PIPE"
    exit $MAIN_STATUS
@@ -46,7 +46,7 @@ spec:
              mountPath: /scripts
      containers:
        - name: pasarguard-node
-          image: pasarguard/node:v0.5.0
+          image: pasarguard/node:v0.4.0
          imagePullPolicy: Always
          command:
            - /bin/sh
@@ -116,20 +116,14 @@ spec:
            - name: metrics
              containerPort: 9550
              protocol: TCP
-          startupProbe:
+          livenessProbe:
            httpGet:
              path: /scrape
              port: metrics
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 36
          livenessProbe:
            tcpSocket:
              port: metrics
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 10
-            failureThreshold: 6
+            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /scrape
@@ -43,8 +43,6 @@ spec:
        env:
        - name: RUST_LOG
          value: "info"
        - name: WEB_PETTING_DEBUG
          value: "false"
        resources:
          requests:
            memory: "256Mi"
@@ -1,31 +0,0 @@
 nfd:
  enabled: false
 labeller:
  enabled: false
 dp:
  image:
    repository: docker.io/rocm/k8s-device-plugin
    tag: "1.31.0.9"
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
 securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
 tolerations:
  - key: workload
    operator: Equal
    value: ai
    effect: NoSchedule
 node_selector_enabled: true
 node_selector:
  kubernetes.io/arch: amd64
  kubernetes.io/hostname: ai.tail2fe2d.ts.net
@@ -13,24 +13,3 @@ helmCharts:
    namespace: gpu-system
    valuesFile: values.yaml
    includeCRDs: true
  - name: amd-gpu
    repo: https://rocm.github.io/k8s-device-plugin/
    version: 0.21.0
    releaseName: amd-gpu-device-plugin
    namespace: gpu-system
    valuesFile: amd-gpu-values.yaml
    includeCRDs: true
 patches:
  - target:
      group: apps
      version: v1
      kind: DaemonSet
      name: amd-gpu-device-plugin-daemonset
      namespace: gpu-system
    patch: |-
      - op: replace
        path: /spec/template/spec/nodeSelector
        value:
          kubernetes.io/arch: amd64
          kubernetes.io/hostname: ai.tail2fe2d.ts.net
@@ -1,21 +0,0 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: reloader
  namespace: argocd
 spec:
  project: core
  destination:
    namespace: reloader
    server: https://kubernetes.default.svc
  source:
    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
    targetRevision: HEAD
    path: k8s/core/reloader
  syncPolicy:
    automated:
      selfHeal: true
      prune: true
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true
@@ -1,13 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - app.yaml
 helmCharts:
  - name: reloader
    repo: https://stakater.github.io/stakater-charts
    version: 2.2.12
    releaseName: reloader
    namespace: reloader
    valuesFile: values.yaml
@@ -1,24 +0,0 @@
 reloader:
  watchGlobally: true
  autoReloadAll: true
  reloadOnCreate: true
  reloadOnDelete: false
  reloadStrategy: annotations
  ignoreConfigMaps: false
  ignoreSecrets: false
  ignoreJobs: false
  ignoreCronJobs: false
  enableHA: true
  syncAfterRestart: true
  logLevel: info
  rbac:
    enabled: true
  deployment:
    replicas: 2
    resources:
      requests:
        cpu: 10m
        memory: 128Mi
      limits:
        cpu: 150m
        memory: 512Mi
@@ -9,12 +9,12 @@ groups = [
 proxy_applications = {
  secret-reader = {
-    domain         = "proxy.hexor.cy"
+    domain         = "secret-reader.hexor.cy"
-    allowed_groups = ["hexor-admin", "app-pass"]
+    allowed_groups = ["hexor-guest", "hexor-admin"]
  }
  pass = {
    domain         = "pass.hexor.cy"
-    allowed_groups = ["hexor-admin", "app-pass"]
+    allowed_groups = ["hexor-guest", "hexor-admin"]
  }
 }
@@ -40,11 +40,6 @@ oauth2_applications = {
    web_origins               = ["https://gf.hexor.cy"]
    post_logout_redirect_uris = ["https://gf.hexor.cy/*"]
  }
  openwebui = {
    redirect_uris             = ["https://ai.hexor.cy/oauth/oidc/callback"]
    web_origins               = ["https://ai.hexor.cy"]
    post_logout_redirect_uris = ["https://ai.hexor.cy/*"]
  }
  FuruMusic = {
    redirect_uris             = ["https://music.hexor.cy/auth/oidc/callback"]
    web_origins               = ["https://music.hexor.cy"]
@@ -61,3 +56,4 @@ oauth2_applications = {
    post_logout_redirect_uris = ["https://pet.hexor.cy/*", "https://xn--l1acako8eb.xn--p1ai/*", "https://мурняня.рф/*"]
  }
 }