Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-06-04 11:55:29 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
2026-06-04 11:55:29 +00:00
11 changed files with 16 additions and 198 deletions
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: llamacpp
-  namespace: argocd
-spec:
-  project: apps
-  destination:
-    namespace: llamacpp
-    server: https://kubernetes.default.svc
-  source:
-    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
-    targetRevision: HEAD
-    path: k8s/apps/llamacpp
-  syncPolicy:
-    automated:
-      selfHeal: true
-      prune: true
-    syncOptions:
-      - CreateNamespace=true
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: llamacpp-config
-data:
-  LLAMA_CACHE: /models
-  LLAMA_ARG_HOST: 0.0.0.0
-  LLAMA_ARG_PORT: "8080"
-  LLAMA_ARG_HF_REPO: "unsloth/Qwen3.6-35B-A3B-MTP-GGUF:UD-Q6_K"
-  LLAMA_ARG_CTX_SIZE: "32768"
-  LLAMA_ARG_FLASH_ATTN: auto
-  LLAMA_ARG_FIT: "on"
@@ -1,71 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: llamacpp
-  annotations:
-    reloader.stakater.com/auto: "true"
-  labels:
-    app: llamacpp
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: llamacpp
-  template:
-    metadata:
-      labels:
-        app: llamacpp
-    spec:
-      dnsPolicy: Default
-      nodeSelector:
-        kubernetes.io/hostname: ai.tail2fe2d.ts.net
-      tolerations:
-        - key: workload
-          operator: Equal
-          value: ai
-          effect: NoSchedule
-      containers:
-        - name: llamacpp
-          image: ghcr.io/ggml-org/llama.cpp:server-rocm-b9501 
-          imagePullPolicy: IfNotPresent
-          envFrom:
-            - configMapRef:
-                name: llamacpp-config
-          env:
-            - name: HF_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: llamacpp-hf-token
-                  key: token
-                  optional: true
-          ports:
-            - name: http
-              containerPort: 8080
-              protocol: TCP
-          resources:
-            limits:
-              amd.com/gpu: 1
-          startupProbe:
-            httpGet:
-              path: /health
-              port: http
-            failureThreshold: 180
-            periodSeconds: 10
-            timeoutSeconds: 5
-          readinessProbe:
-            httpGet:
-              path: /health
-              port: http
-            failureThreshold: 3
-            periodSeconds: 10
-            timeoutSeconds: 5
-          volumeMounts:
-            - name: models
-              mountPath: /models
-      volumes:
-        - name: models
-          hostPath:
-            path: /k8s/llamacpp/models
-            type: DirectoryOrCreate
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - app.yaml
-  - configmap.yaml
-  - deployment.yaml
-  - service.yaml
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: llamacpp
-  labels:
-    app: llamacpp
-spec:
-  type: ClusterIP
-  selector:
-    app: llamacpp
-  ports:
-    - name: http
-      port: 8080
-      targetPort: http
-      protocol: TCP
@@ -22,7 +22,7 @@ spec:
  entryPoints:
    - websecure
  routes:
-    - match: Host(`proxy.hexor.cy`)
+    - match: Host(`secret-reader.hexor.cy`)
      kind: Rule
      middlewares:
        - name: auth-proxy
@@ -30,16 +30,16 @@ spec:
        - name: secret-reader
          port: 80
  tls:
-    secretName: proxy-tls
+    secretName: secret-reader-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: proxy-tls
+  name: secret-reader-tls
 spec:
-  secretName: proxy-tls
+  secretName: secret-reader-tls
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
  dnsNames:
-    - proxy.hexor.cy
+    - secret-reader.hexor.cy
@@ -9,18 +9,18 @@ resources:
 helmCharts:
  - name: ollama
    repo: https://otwld.github.io/ollama-helm/
-    version: 1.58.0
+    version: 1.49.0
    releaseName: ollama
    namespace: ollama
    valuesFile: ollama-values.yaml
    includeCRDs: true
  - name: open-webui
    repo: https://helm.openwebui.com/
-    version: 14.8.0
+    version: 12.10.0
    releaseName: openweb-ui
    namespace: ollama
    valuesFile: openweb-ui-values.yaml
    includeCRDs: true

 patches:
-  - path: patch-runtimeclass.yaml
+  - path: patch-runtimeclass.yaml
@@ -2,8 +2,8 @@ clusterDomain: cluster.local

 extraEnvVars:
  GLOBAL_LOG_LEVEL: debug
-  OAUTH_PROVIDER_NAME: keycloak
-  OPENID_PROVIDER_URL: https://auth.hexor.cy/auth/realms/hexor/.well-known/openid-configuration
+  OAUTH_PROVIDER_NAME: authentik
+  OPENID_PROVIDER_URL: https://idm.hexor.cy/application/o/openwebui/.well-known/openid-configuration
  OPENID_REDIRECT_URI: https://ai.hexor.cy/oauth/oidc/callback
  WEBUI_URL: https://ai.hexor.cy
  # Allows auto-creation of new users using OAuth. Must be paired with ENABLE_LOGIN_FORM=false.
@@ -31,7 +31,7 @@ ollama:
        - qwen3-vl:8b
        
 pipelines:
-  enabled: false
+  enabled: true
  nodeSelector:
    kubernetes.io/hostname: master.tail2fe2d.ts.net
  
@@ -57,4 +57,4 @@ ingress:
      traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
    host: "ai.hexor.cy"
    tls: true
-    existingSecret: ollama-tls
+    existingSecret: ollama-tls
@@ -1,31 +0,0 @@
-nfd:
-  enabled: false
-
-labeller:
-  enabled: false
-
-dp:
-  image:
-    repository: docker.io/rocm/k8s-device-plugin
-    tag: "1.31.0.9"
-  updateStrategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 1
-
-securityContext:
-  allowPrivilegeEscalation: false
-  capabilities:
-    drop:
-      - ALL
-
-tolerations:
-  - key: workload
-    operator: Equal
-    value: ai
-    effect: NoSchedule
-
-node_selector_enabled: true
-node_selector:
-  kubernetes.io/arch: amd64
-  kubernetes.io/hostname: ai.tail2fe2d.ts.net
@@ -13,24 +13,3 @@ helmCharts:
    namespace: gpu-system
    valuesFile: values.yaml
    includeCRDs: true
-  - name: amd-gpu
-    repo: https://rocm.github.io/k8s-device-plugin/
-    version: 0.21.0
-    releaseName: amd-gpu-device-plugin
-    namespace: gpu-system
-    valuesFile: amd-gpu-values.yaml
-    includeCRDs: true
-
-patches:
-  - target:
-      group: apps
-      version: v1
-      kind: DaemonSet
-      name: amd-gpu-device-plugin-daemonset
-      namespace: gpu-system
-    patch: |-
-      - op: replace
-        path: /spec/template/spec/nodeSelector
-        value:
-          kubernetes.io/arch: amd64
-          kubernetes.io/hostname: ai.tail2fe2d.ts.net
@@ -9,12 +9,12 @@ groups = [

 proxy_applications = {
  secret-reader = {
-    domain         = "proxy.hexor.cy"
-    allowed_groups = ["hexor-admin", "app-pass"]
+    domain         = "secret-reader.hexor.cy"
+    allowed_groups = ["hexor-guest", "hexor-admin"]
  }
  pass = {
    domain         = "pass.hexor.cy"
-    allowed_groups = ["hexor-admin", "app-pass"]
+    allowed_groups = ["hexor-guest", "hexor-admin"]
  }
 }

@@ -40,11 +40,6 @@ oauth2_applications = {
    web_origins               = ["https://gf.hexor.cy"]
    post_logout_redirect_uris = ["https://gf.hexor.cy/*"]
  }
-  openwebui = {
-    redirect_uris             = ["https://ai.hexor.cy/oauth/oidc/callback"]
-    web_origins               = ["https://ai.hexor.cy"]
-    post_logout_redirect_uris = ["https://ai.hexor.cy/*"]
-  }
  FuruMusic = {
    redirect_uris             = ["https://music.hexor.cy/auth/oidc/callback"]
    web_origins               = ["https://music.hexor.cy"]
@@ -61,3 +56,4 @@ oauth2_applications = {
    post_logout_redirect_uris = ["https://pet.hexor.cy/*", "https://xn--l1acako8eb.xn--p1ai/*", "https://мурняня.рф/*"]
  }
 }
+