Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-06-04 11:55:29

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/llamacpp/app.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: llamacpp
-  namespace: argocd
-spec:
-  project: apps
-  destination:
-    namespace: llamacpp
-    server: https://kubernetes.default.svc
-  source:
-    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
-    targetRevision: HEAD
-    path: k8s/apps/llamacpp
-  syncPolicy:
-    automated:
-      selfHeal: true
-      prune: true
-    syncOptions:
-      - CreateNamespace=true

k8s/apps/llamacpp/configmap.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: llamacpp-config
-data:
-  LLAMA_CACHE: /models
-  LLAMA_ARG_HOST: 0.0.0.0
-  LLAMA_ARG_PORT: "8080"
-  LLAMA_ARG_HF_REPO: "unsloth/Qwen3.6-35B-A3B-MTP-GGUF:UD-Q6_K"
-  LLAMA_ARG_CTX_SIZE: "32768"
-  LLAMA_ARG_FLASH_ATTN: auto
-  LLAMA_ARG_FIT: "on"

k8s/apps/llamacpp/deployment.yaml

@@ -1,71 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: llamacpp
-  annotations:
-    reloader.stakater.com/auto: "true"
-  labels:
-    app: llamacpp
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: llamacpp
-  template:
-    metadata:
-      labels:
-        app: llamacpp
-    spec:
-      dnsPolicy: Default
-      nodeSelector:
-        kubernetes.io/hostname: ai.tail2fe2d.ts.net
-      tolerations:
-        - key: workload
-          operator: Equal
-          value: ai
-          effect: NoSchedule
-      containers:
-        - name: llamacpp
-          image: ghcr.io/ggml-org/llama.cpp:server-rocm-b9501 
-          imagePullPolicy: IfNotPresent
-          envFrom:
-            - configMapRef:
-                name: llamacpp-config
-          env:
-            - name: HF_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: llamacpp-hf-token
-                  key: token
-                  optional: true
-          ports:
-            - name: http
-              containerPort: 8080
-              protocol: TCP
-          resources:
-            limits:
-              amd.com/gpu: 1
-          startupProbe:
-            httpGet:
-              path: /health
-              port: http
-            failureThreshold: 180
-            periodSeconds: 10
-            timeoutSeconds: 5
-          readinessProbe:
-            httpGet:
-              path: /health
-              port: http
-            failureThreshold: 3
-            periodSeconds: 10
-            timeoutSeconds: 5
-          volumeMounts:
-            - name: models
-              mountPath: /models
-      volumes:
-        - name: models
-          hostPath:
-            path: /k8s/llamacpp/models
-            type: DirectoryOrCreate

k8s/apps/llamacpp/kustomization.yaml

@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - app.yaml
-  - configmap.yaml
-  - deployment.yaml
-  - service.yaml

k8s/apps/llamacpp/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: llamacpp
-  labels:
-    app: llamacpp
-spec:
-  type: ClusterIP
-  selector:
-    app: llamacpp
-  ports:
-    - name: http
-      port: 8080
-      targetPort: http
-      protocol: TCP

k8s/apps/mtproxy/secret-reader-ingress.yaml

@@ -22,7 +22,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`proxy.hexor.cy`)
+    - match: Host(`secret-reader.hexor.cy`)
       kind: Rule
       middlewares:
         - name: auth-proxy
@@ -30,16 +30,16 @@ spec:
         - name: secret-reader
           port: 80
   tls:
-    secretName: proxy-tls
+    secretName: secret-reader-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: proxy-tls
+  name: secret-reader-tls
 spec:
-  secretName: proxy-tls
+  secretName: secret-reader-tls
   issuerRef:
     name: letsencrypt
     kind: ClusterIssuer
   dnsNames:
-    - proxy.hexor.cy
+    - secret-reader.hexor.cy

k8s/apps/ollama/kustomization.yaml

@@ -9,14 +9,14 @@ resources:
 helmCharts:
   - name: ollama
     repo: https://otwld.github.io/ollama-helm/
-    version: 1.58.0
+    version: 1.49.0
     releaseName: ollama
     namespace: ollama
     valuesFile: ollama-values.yaml
     includeCRDs: true
   - name: open-webui
     repo: https://helm.openwebui.com/
-    version: 14.8.0
+    version: 12.10.0
     releaseName: openweb-ui
     namespace: ollama
     valuesFile: openweb-ui-values.yaml

k8s/apps/ollama/openweb-ui-values.yaml

@@ -2,8 +2,8 @@ clusterDomain: cluster.local
 
 extraEnvVars:
   GLOBAL_LOG_LEVEL: debug
-  OAUTH_PROVIDER_NAME: keycloak
-  OPENID_PROVIDER_URL: https://auth.hexor.cy/auth/realms/hexor/.well-known/openid-configuration
+  OAUTH_PROVIDER_NAME: authentik
+  OPENID_PROVIDER_URL: https://idm.hexor.cy/application/o/openwebui/.well-known/openid-configuration
   OPENID_REDIRECT_URI: https://ai.hexor.cy/oauth/oidc/callback
   WEBUI_URL: https://ai.hexor.cy
   # Allows auto-creation of new users using OAuth. Must be paired with ENABLE_LOGIN_FORM=false.
@@ -31,7 +31,7 @@ ollama:
         - qwen3-vl:8b
         
 pipelines:
-  enabled: false
+  enabled: true
   nodeSelector:
     kubernetes.io/hostname: master.tail2fe2d.ts.net
   

k8s/core/gpu/amd-gpu-values.yaml

@@ -1,31 +0,0 @@
-nfd:
-  enabled: false
-
-labeller:
-  enabled: false
-
-dp:
-  image:
-    repository: docker.io/rocm/k8s-device-plugin
-    tag: "1.31.0.9"
-  updateStrategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 1
-
-securityContext:
-  allowPrivilegeEscalation: false
-  capabilities:
-    drop:
-      - ALL
-
-tolerations:
-  - key: workload
-    operator: Equal
-    value: ai
-    effect: NoSchedule
-
-node_selector_enabled: true
-node_selector:
-  kubernetes.io/arch: amd64
-  kubernetes.io/hostname: ai.tail2fe2d.ts.net

k8s/core/gpu/kustomization.yaml

@@ -13,24 +13,3 @@ helmCharts:
     namespace: gpu-system
     valuesFile: values.yaml
     includeCRDs: true
-  - name: amd-gpu
-    repo: https://rocm.github.io/k8s-device-plugin/
-    version: 0.21.0
-    releaseName: amd-gpu-device-plugin
-    namespace: gpu-system
-    valuesFile: amd-gpu-values.yaml
-    includeCRDs: true
-
-patches:
-  - target:
-      group: apps
-      version: v1
-      kind: DaemonSet
-      name: amd-gpu-device-plugin-daemonset
-      namespace: gpu-system
-    patch: |-
-      - op: replace
-        path: /spec/template/spec/nodeSelector
-        value:
-          kubernetes.io/arch: amd64
-          kubernetes.io/hostname: ai.tail2fe2d.ts.net

terraform/keycloak/terraform.tfvars

@@ -9,12 +9,12 @@ groups = [
 
 proxy_applications = {
   secret-reader = {
-    domain         = "proxy.hexor.cy"
-    allowed_groups = ["hexor-admin", "app-pass"]
+    domain         = "secret-reader.hexor.cy"
+    allowed_groups = ["hexor-guest", "hexor-admin"]
   }
   pass = {
     domain         = "pass.hexor.cy"
-    allowed_groups = ["hexor-admin", "app-pass"]
+    allowed_groups = ["hexor-guest", "hexor-admin"]
   }
 }
 
@@ -40,11 +40,6 @@ oauth2_applications = {
     web_origins               = ["https://gf.hexor.cy"]
     post_logout_redirect_uris = ["https://gf.hexor.cy/*"]
   }
-  openwebui = {
-    redirect_uris             = ["https://ai.hexor.cy/oauth/oidc/callback"]
-    web_origins               = ["https://ai.hexor.cy"]
-    post_logout_redirect_uris = ["https://ai.hexor.cy/*"]
-  }
   FuruMusic = {
     redirect_uris             = ["https://music.hexor.cy/auth/oidc/callback"]
     web_origins               = ["https://music.hexor.cy"]
@@ -61,3 +56,4 @@ oauth2_applications = {
     post_logout_redirect_uris = ["https://pet.hexor.cy/*", "https://xn--l1acako8eb.xn--p1ai/*", "https://мурняня.рф/*"]
   }
 }
+