From b10ed77908d5516ec201349475e54a92b4ca2de3 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Sun, 9 Jun 2024 22:54:05 -0400 Subject: cmd/mimi: use kustomize Signed-off-by: Xe Iaso --- cmd/mimi/manifest.yaml | 151 --------------------------------- cmd/mimi/manifest/deployment.yaml | 65 ++++++++++++++ cmd/mimi/manifest/inference-proxy.yaml | 9 ++ cmd/mimi/manifest/ingress.yaml | 23 +++++ cmd/mimi/manifest/kustomization.yaml | 10 +++ cmd/mimi/manifest/mimi-1password.yaml | 6 ++ cmd/mimi/manifest/namespace.yaml | 4 + cmd/mimi/manifest/service.yaml | 15 ++++ cmd/mimi/yeetfile.js | 2 +- 9 files changed, 133 insertions(+), 152 deletions(-) delete mode 100644 cmd/mimi/manifest.yaml create mode 100644 cmd/mimi/manifest/deployment.yaml create mode 100644 cmd/mimi/manifest/inference-proxy.yaml create mode 100644 cmd/mimi/manifest/ingress.yaml create mode 100644 cmd/mimi/manifest/kustomization.yaml create mode 100644 cmd/mimi/manifest/mimi-1password.yaml create mode 100644 cmd/mimi/manifest/namespace.yaml create mode 100644 cmd/mimi/manifest/service.yaml (limited to 'cmd/mimi') diff --git a/cmd/mimi/manifest.yaml b/cmd/mimi/manifest.yaml deleted file mode 100644 index b31cfa9..0000000 --- a/cmd/mimi/manifest.yaml +++ /dev/null @@ -1,151 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: mimi - labels: - app.kubernetes.io/name: mimi ---- -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: irc - namespace: mimi - labels: - app.kubernetes.io/name: mimi -spec: - itemPath: "vaults/Kubernetes/items/IRC [Mara]" ---- -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: mimi - namespace: mimi - labels: - app.kubernetes.io/name: mimi -spec: - itemPath: "vaults/Kubernetes/items/Mimi" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mimi - namespace: mimi - labels: - app.kubernetes.io/name: mimi - annotations: - operator.1password.io/auto-restart: "true" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: mimi - template: - metadata: - namespace: mimi - labels: - app.kubernetes.io/name: mimi - spec: - volumes: - - name: mimi - secret: - secretName: mimi - - name: irc - secret: - secretName: irc - - name: tmp - emptyDir: {} - securityContext: - fsGroup: 1000 - containers: - - name: main - image: ghcr.io/xe/x/mimi:latest - imagePullPolicy: "Always" - resources: - limits: - cpu: "4" - memory: "2Gi" - requests: - cpu: "2" - memory: "1Gi" - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /healthz - port: 9002 - httpHeaders: - - name: X-Kubernetes - value: "is kinda okay" - initialDelaySeconds: 3 - periodSeconds: 3 - env: - - name: GRPC_ADDR - value: ":9001" - - name: HTTP_ADDR - value: ":9002" - volumeMounts: - - name: mimi - readOnly: true - mountPath: "/run/secrets/mimi" - - name: irc - readOnly: true - mountPath: "/run/secrets/irc" - - name: tmp - mountPath: "/tmp" ---- -apiVersion: v1 -kind: Service -metadata: - name: mimi - namespace: mimi - labels: - app.kubernetes.io/name: mimi -spec: - selector: - app.kubernetes.io/name: mimi - ports: - - protocol: TCP - port: 80 - targetPort: 9002 - name: http - - protocol: TCP - port: 9001 - targetPort: 9001 - name: grpc - type: ClusterIP ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: mimi-public - namespace: mimi - labels: - app.kubernetes.io/name: mimi - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" -spec: - ingressClassName: nginx - tls: - - hosts: - - mimi.techaro.lol - secretName: mimi-techaro-lol-public-tls - rules: - - host: mimi.techaro.lol - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: mimi - port: - name: http diff --git a/cmd/mimi/manifest/deployment.yaml b/cmd/mimi/manifest/deployment.yaml new file mode 100644 index 0000000..8c0c3d8 --- /dev/null +++ b/cmd/mimi/manifest/deployment.yaml @@ -0,0 +1,65 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mimi + annotations: + operator.1password.io/auto-restart: "true" +spec: + replicas: 1 + template: + spec: + volumes: + - name: mimi + secret: + secretName: mimi + - name: irc + secret: + secretName: irc + - name: tmp + emptyDir: {} + securityContext: + fsGroup: 1000 + containers: + - name: main + image: ghcr.io/xe/x/mimi:latest + imagePullPolicy: "Always" + resources: + limits: + cpu: "4" + memory: "2Gi" + requests: + cpu: "2" + memory: "1Gi" + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /healthz + port: 9002 + httpHeaders: + - name: X-Kubernetes + value: "is kinda okay" + initialDelaySeconds: 3 + periodSeconds: 3 + env: + - name: GRPC_ADDR + value: ":9001" + - name: HTTP_ADDR + value: ":9002" + volumeMounts: + - name: mimi + readOnly: true + mountPath: "/run/secrets/mimi" + - name: irc + readOnly: true + mountPath: "/run/secrets/irc" + - name: tmp + mountPath: "/tmp" diff --git a/cmd/mimi/manifest/inference-proxy.yaml b/cmd/mimi/manifest/inference-proxy.yaml new file mode 100644 index 0000000..6c9d6a4 --- /dev/null +++ b/cmd/mimi/manifest/inference-proxy.yaml @@ -0,0 +1,9 @@ +apiVersion: glaceon.friendshipcastle.zip/v1alpha1 +kind: MachineProxy +metadata: + name: ollama +spec: + org: personal + region: yyz + target: http://xe-inference.flycast + port: 80 diff --git a/cmd/mimi/manifest/ingress.yaml b/cmd/mimi/manifest/ingress.yaml new file mode 100644 index 0000000..72120dc --- /dev/null +++ b/cmd/mimi/manifest/ingress.yaml @@ -0,0 +1,23 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: mimi-public + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" +spec: + ingressClassName: nginx + tls: + - hosts: + - mimi.techaro.lol + secretName: mimi-techaro-lol-public-tls + rules: + - host: mimi.techaro.lol + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: mimi + port: + name: http diff --git a/cmd/mimi/manifest/kustomization.yaml b/cmd/mimi/manifest/kustomization.yaml new file mode 100644 index 0000000..d0c1736 --- /dev/null +++ b/cmd/mimi/manifest/kustomization.yaml @@ -0,0 +1,10 @@ +resources: + - namespace.yaml + - inference-proxy.yaml + - mimi-1password.yaml + - deployment.yaml + - service.yaml + - ingress.yaml +namespace: mimi +commonLabels: + app.kubernetes.io/name: mimi diff --git a/cmd/mimi/manifest/mimi-1password.yaml b/cmd/mimi/manifest/mimi-1password.yaml new file mode 100644 index 0000000..e08203a --- /dev/null +++ b/cmd/mimi/manifest/mimi-1password.yaml @@ -0,0 +1,6 @@ +apiVersion: onepassword.com/v1 +kind: OnePasswordItem +metadata: + name: mimi +spec: + itemPath: "vaults/Kubernetes/items/Mimi" diff --git a/cmd/mimi/manifest/namespace.yaml b/cmd/mimi/manifest/namespace.yaml new file mode 100644 index 0000000..f6810d8 --- /dev/null +++ b/cmd/mimi/manifest/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: mimi diff --git a/cmd/mimi/manifest/service.yaml b/cmd/mimi/manifest/service.yaml new file mode 100644 index 0000000..4c2a8cf --- /dev/null +++ b/cmd/mimi/manifest/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: mimi +spec: + ports: + - protocol: TCP + port: 80 + targetPort: 9002 + name: http + - protocol: TCP + port: 9001 + targetPort: 9001 + name: grpc + type: ClusterIP diff --git a/cmd/mimi/yeetfile.js b/cmd/mimi/yeetfile.js index 5965463..4e73256 100644 --- a/cmd/mimi/yeetfile.js +++ b/cmd/mimi/yeetfile.js @@ -1,5 +1,5 @@ nix.build(".#docker.mimi"); docker.load("./result"); docker.push(`ghcr.io/xe/x/mimi`); -yeet.run("kubectl", "apply", "-f=manifest.yaml"); +yeet.run("kubectl", "apply", "-k=manifest"); yeet.run("sh", "-c", "kubectl rollout restart -n mimi deployments/mimi"); -- cgit v1.2.3