initialize repository with glance, litellm, openwebui, nas and pihole services

Roger Oriol
2025-08-01 11:11:46 +02:00
commit 915d40cdce
12 changed files with 670 additions and 0 deletions

1
.gitignore vendored Normal file

@@ -0,0 +1 @@
**/*secret*
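Review bot: `**/*secret*` protects credentials by file name alone, so any credential file without the lowercase substring `secret` in its name (for example `.env`, or `Secrets.yaml` on a case-sensitive checkout) would still be committed. The Deployments in this commit reference `litellm-secrets` and `postgres-secret`, whose manifests are not included, so this pattern appears to be the only thing keeping them out of the repository. A comment such as `# every manifest holding credentials must have "secret" in its file name`, plus an explicit `.env` entry, would make the convention harder to miss.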

0
glance/assets/user.css Normal file

67
glance/config-map.yaml Normal file

@@ -0,0 +1,67 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glance-config
data:
glance.yml: |
pages:
# It's not necessary to create a new file for each page and include it, you can simply
# put its contents here, though multiple pages are easier to manage when separated
!include: home.yml
home.yml: |
- name: Home
# Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
# hide-desktop-navigation: true
columns:
- size: small
widgets:
- type: calendar
first-day-of-week: monday
- size: full
widgets:
- type: group
widgets:
- type: rss
limit: 10
collapse-after: 3
cache: 12h
feeds:
- url: https://www.ruxu.dev/feed.xml
title: Ruxu.dev
- url: https://simonwillison.net/atom/everything/
title: Simon Willison
- url: https://www.gilesthomas.com/feed/rss.xml
title: Giles Thomas
- url: https://huggingface.co/blog/feed.xml
title: HuggingFace Blog
- url: https://www.philschmid.de/rss
title: Phil Schmid
- url: https://www.wheresyoured.at/rss/
title: Ed Zitron
- url: https://www.seangoedecke.com/rss.xml
- type: hacker-news
- type: lobsters
- type: videos
channels:
- UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling
- UCsBjURrPoezykLs9EqgamOA # Fireship
- UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium
- UCC-lyoTfSrcJzA1ab3APAgw # LangChain
- UCkCGANrihzExmu9QiqZpPlQ # How Money Works
- UC55ODQSvARtgSyc8ThfiepQ # Sam Witteveen
- UCASM0cgfkJxQ1ICmRilfHLw # Patrick Boyle
- UCFCEuCsyWP0YkP3CZ3Mr01Q # The Plain Bagel
- UCDXTQ8nWmx_EhZ2v-kp7QxA # Ben Felix
- UCCKpicnIwBP3VPxBAZWDeNA # Money & Macro
- UCFQMnBA3CS502aghlcr0_aw # Coffeezilla
- UCsXVk37bltHxD1rDPwtNM8Q # Kurzgesagt
- UCHlNU7kIZhRgSbhHvFoy72w # HuggingFace
- UCeRjipR4_SsCddq9VZ2AeKg # LlamaIndex
- size: small
widgets:
- type: weather
location: Barcelona, Spain
units: metric # alternatively "imperial"
hour-format: 24h # alternatively "24h"
# Optionally hide the location from being displayed in the widget
# hide-location: true
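Review bot: The `home.yml` embedded in this ConfigMap is a hand-copied duplicate of `glance/config/home.yml`, and the two already differ: the copy here stops after the weather widget, while the file version also has a `markets` widget. The embedded `glance.yml` likewise lacks the `server` and `theme` keys of `glance/config/glance.yml`. The Deployment mounts only this ConfigMap, so the files under `glance/config/` appear not to be what runs; generating the ConfigMap from that directory (for example `kubectl create configmap glance-config --from-file=glance/config/`) would keep a single source of truth. The inline comment on `hour-format: 24h` reads `# alternatively "24h"` in both copies and presumably should say `"12h"`.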

12
glance/config/glance.yml Normal file

@@ -0,0 +1,12 @@
server:
assets-path: /app/assets
theme:
# Note: assets are cached by the browser, changes to the CSS file
# will not be reflected until the browser cache is cleared (Ctrl+F5)
custom-css-file: /assets/user.css
pages:
# It's not necessary to create a new file for each page and include it, you can simply
# put its contents here, though multiple pages are easier to manage when separated
!include: home.yml
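Review bot: `assets-path: /app/assets` and `custom-css-file: /assets/user.css` point at a directory that nothing in this commit places in the container. The Deployment in `glance/glance.yaml` mounts only `config-volume` at `/app/config`, and `glance/assets/user.css` is added empty. Unless the image already ships that directory, the custom CSS request will fail; either mount the assets as a second volume at `/app/assets` or drop the `theme` block until it is needed.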

75
glance/config/home.yml Normal file

@@ -0,0 +1,75 @@
- name: Home
# Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
# hide-desktop-navigation: true
columns:
- size: small
widgets:
- type: calendar
first-day-of-week: monday
- size: full
widgets:
- type: group
widgets:
- type: rss
limit: 10
collapse-after: 3
cache: 12h
feeds:
- url: https://www.ruxu.dev/feed.xml
title: Ruxu.dev
- url: https://simonwillison.net/atom/everything/
title: Simon Willison
- url: https://www.gilesthomas.com/feed/rss.xml
title: Giles Thomas
- url: https://huggingface.co/blog/feed.xml
title: HuggingFace Blog
- url: https://www.philschmid.de/rss
title: Phil Schmid
- url: https://www.wheresyoured.at/rss/
title: Ed Zitron
- url: https://www.seangoedecke.com/rss.xml
- type: hacker-news
- type: lobsters
- type: videos
channels:
- UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling
- UCsBjURrPoezykLs9EqgamOA # Fireship
- UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium
- UCC-lyoTfSrcJzA1ab3APAgw # LangChain
- UCkCGANrihzExmu9QiqZpPlQ # How Money Works
- UC55ODQSvARtgSyc8ThfiepQ # Sam Witteveen
- UCASM0cgfkJxQ1ICmRilfHLw # Patrick Boyle
- UCFCEuCsyWP0YkP3CZ3Mr01Q # The Plain Bagel
- UCDXTQ8nWmx_EhZ2v-kp7QxA # Ben Felix
- UCCKpicnIwBP3VPxBAZWDeNA # Money & Macro
- UCFQMnBA3CS502aghlcr0_aw # Coffeezilla
- UCsXVk37bltHxD1rDPwtNM8Q # Kurzgesagt
- UCHlNU7kIZhRgSbhHvFoy72w # HuggingFace
- UCeRjipR4_SsCddq9VZ2AeKg # LlamaIndex
- size: small
widgets:
- type: weather
location: Barcelona, Spain
units: metric # alternatively "imperial"
hour-format: 24h # alternatively "24h"
# Optionally hide the location from being displayed in the widget
# hide-location: true
- type: markets
markets:
- symbol: IE00B03HD191.IR
name: Vanguard Global Stock Index
- symbol: 0P00012I66.F
name: Vanguard Global Small-Cap Index
- symbol: 0P0001RCAQ.F
name: Renta 4 Renta Fija
- symbol: IWVL.L
name: iShares Edge MSCI World Value Factor
- symbol: XDEQ.DE
name: Xtracker MSCI World Quality ETF
- symbol: 0P000060MS.F
name: Vanguard Emerging Markets Stock Index

40
glance/glance.yaml Normal file

@@ -0,0 +1,40 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: glance
spec:
replicas: 1
selector:
matchLabels:
app: glance
template:
metadata:
labels:
app: glance
spec:
containers:
- name: glance
image: glanceapp/glance
ports:
- containerPort: 8080
volumeMounts:
- name: config-volume
mountPath: /app/config
volumes:
- name: config-volume
configMap:
name: glance-config
---
apiVersion: v1
kind: Service
metadata:
name: glance-service
namespace: default
spec:
type: ClusterIP
selector:
app: glance
ports:
- name: http
port: 80
targetPort: 8080
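Review bot: `image: glanceapp/glance` has no tag, so the node pulls whatever `latest` points to and a restart can silently change the running code; pin it as `image: glanceapp/glance:<pinned-version>` or by digest. The same applies to `ghcr.io/open-webui/open-webui` in `openwebui/openwebui.yaml` and `pihole/pihole:latest` in `pihole/pihole.yaml`. The container also runs with the image's default user and privileges; a `securityContext` with `allowPrivilegeEscalation: false` and all capabilities dropped would be cheap hardening for a read-only dashboard, to be confirmed against what the image needs. The Service sets `namespace: default` while the Deployment sets none, so the two only line up when the file is applied into `default`.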

72
ingress.yaml Normal file

@@ -0,0 +1,72 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: rogicasa-ingress
namespace: default # Change to your preferred namespace
annotations:
# Use Traefik as the ingress controller (default in k3s)
kubernetes.io/ingress.class: "traefik"
# Enable SSL redirect
traefik.ingress.kubernetes.io/redirect-entry-point: https
# Optional: enable compression
traefik.ingress.kubernetes.io/compress: "true"
cert-manager.io/issuer: prod-issuer
cert-manager.io/issuer-kind: OriginIssuer
cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
spec:
tls:
- hosts:
- "*.rogi.casa"
secretName: rogicasa-tls
rules:
- host: glance.rogi.casa
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: glance-service
port:
number: 80
- host: pihole.rogi.casa
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: pihole-web
port:
number: 80
- host: litellm.rogi.casa
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: litellm-service
port:
number: 80
- host: openai.rogi.casa
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: open-webui-service
port:
number: 80
- host: nas.rogi.casa
http:
paths:
- pathType: Prefix
backend:
service:
name: external-ip
port:
number: 80
path: /
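Review bot: The annotation `traefik.ingress.kubernetes.io/redirect-entry-point: https` is Traefik v1 syntax; on the Traefik v2 or later bundled with current k3s it is likely ignored, which would leave every host below reachable over plain HTTP with no redirect. The v2 form is `traefik.ingress.kubernetes.io/router.entrypoints: websecure`, together with a redirect configured on the `web` entrypoint or a redirectScheme middleware. This single Ingress also publishes the Pi-hole admin UI, the LiteLLM proxy, Open WebUI and the NAS with no authentication middleware attached, so each backend's own login is the only gate; confirm that is intended before these hostnames resolve outside the LAN. `kubernetes.io/ingress.class` is deprecated in favour of `spec.ingressClassName: traefik`.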

65
litellm/litellm.yaml Normal file

@@ -0,0 +1,65 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: litellm-config-file
data:
config.yaml: |
model_list:
- model_name: gpt-4.1-mini
litellm_params:
model: openai/gpt-4.1-mini
api_key: "os.environ/OPENAI_API_KEY"
- model_name: qwen3:32b
litellm_params:
model: ollama/qwen3:32b
api_base: "http://10.88.88.236:11434"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: litellm-deployment
labels:
app: litellm
spec:
selector:
matchLabels:
app: litellm
template:
metadata:
labels:
app: litellm
spec:
containers:
- name: litellm
image: ghcr.io/berriai/litellm:main-stable # it is recommended to fix a version generally
args:
- "--config"
- "/app/proxy_server_config.yaml"
ports:
- containerPort: 4000
volumeMounts:
- name: config-volume
mountPath: /app/proxy_server_config.yaml
subPath: config.yaml
envFrom:
- secretRef:
name: litellm-secrets
volumes:
- name: config-volume
configMap:
name: litellm-config-file
---
apiVersion: v1
kind: Service
metadata:
name: litellm-service
namespace: default
spec:
type: ClusterIP
selector:
app: litellm
ports:
- name: http
port: 80
targetPort: 4000
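Review bot: `config.yaml` defines only `model_list` and sets no `general_settings.master_key`, so whether the proxy published at `litellm.rogi.casa` requires a key depends entirely on what `litellm-secrets` injects, which this commit does not show. If no master key is set there, anyone who can reach the Ingress can spend the `OPENAI_API_KEY` quota. Declaring it in the config as `general_settings:` / `master_key: os.environ/LITELLM_MASTER_KEY` makes the requirement visible in review. The `main-stable` tag floats, as the inline comment already admits, and `api_base` reaches the Ollama host over plain HTTP.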

73
litellm/postgres.yaml Normal file

@@ -0,0 +1,73 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: postgres-volume
labels:
type: local
app: postgres
spec:
storageClassName: manual
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
hostPath:
path: /data/postgresql
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-volume-claim
labels:
app: postgres
spec:
storageClassName: manual
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres
spec:
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: 'postgres:16'
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5432
envFrom:
- configMapRef:
name: postgres-secret
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgresdata
volumes:
- name: postgresdata
persistentVolumeClaim:
claimName: postgres-volume-claim
---
apiVersion: v1
kind: Service
metadata:
name: postgres
labels:
app: postgres
spec:
type: NodePort
ports:
- port: 5432
selector:
app: postgres
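Review bot: The database environment is loaded with `configMapRef` and `name: postgres-secret`, that is, from a ConfigMap, which is shown in clear text by `kubectl describe` and is not covered by Secret-specific RBAC or encryption at rest. If it carries the Postgres password, as the name suggests, use `- secretRef:` with `name: postgres-secret` and create the object as a Secret. The Service is `type: NodePort`, which opens 5432 on every node address although only in-cluster clients appear to need it; `type: ClusterIP` is enough. The `hostPath` volume declares `ReadWriteMany`, but a hostPath directory exists on one node only, so `ReadWriteOnce` describes it accurately; a pod rescheduled to another node would start with an empty data directory.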

45
nas.yaml Normal file

@@ -0,0 +1,45 @@
#apiVersion: networking.k8s.io/v1
#kind: Ingress
#metadata:
# name: nas-redirect
# annotations:
# nginx.ingress.kubernetes.io/permanent-redirect: "http://10.88.88.238:5000"
#spec:
# rules:
# - host: nas.rogi.casa
# http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: dummy-service
# port:
# number: 80
apiVersion: v1
kind: Service
metadata:
name: external-ip
spec:
ports:
- name: app
port: 80
protocol: TCP
targetPort: 5000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: external-ip
subsets:
- addresses:
- ip: 10.88.88.238
ports:
- name: app
port: 5000
protocol: TCP
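Review bot: The first 18 lines are a commented-out Ingress with an nginx `permanent-redirect` annotation and a `dummy-service` backend that nothing else in this commit defines. It should be deleted rather than committed, since the live route is the `nas.rogi.casa` rule in `ingress.yaml`. The `external-ip` Service and Endpoints forward to `10.88.88.238:5000` over HTTP, so TLS ends at the ingress controller and the NAS login crosses the LAN unencrypted; if the NAS offers an HTTPS port, pointing the Endpoints at it is the safer choice. Neither object sets `namespace`, while the Ingress that references the Service is in `default`.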

90
openwebui/openwebui.yaml Normal file

@@ -0,0 +1,90 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: openwebui-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: open-webui
name: open-webui
spec:
replicas: 1
selector:
matchLabels:
app: open-webui
template:
metadata:
labels:
app: open-webui
spec:
volumes:
- name: webui-data
persistentVolumeClaim:
claimName: openwebui-pvc
containers:
- image: ghcr.io/open-webui/open-webui
name: open-webui
ports:
- containerPort: 8080
volumeMounts:
- name: webui-data
mountPath: /app/backend/data
resources:
requests:
cpu: 1000m
memory: 128Mi
limits:
cpu: 2000m
memory: 1Gi
livenessProbe:
httpGet:
path: /
port: 8080
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 2
periodSeconds: 10
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /
port: 8080
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 2
periodSeconds: 5
successThreshold: 1
failureThreshold: 3
startupProbe:
httpGet:
path: /
port: 8080
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 2
periodSeconds: 5
successThreshold: 1
failureThreshold: 30
---
apiVersion: v1
kind: Service
metadata:
labels:
app: open-webui
name: open-webui-service
spec:
ports:
- name: http
port: 80
targetPort: 8080
selector:
app: open-webui
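Review bot: The container spec sets no environment variables, so Open WebUI runs with its default sign-up behaviour while `ingress.yaml` publishes it at `openai.rogi.casa`. In Open WebUI the first account registered becomes the administrator, so the instance should not be reachable from untrusted networks before that account exists. Once it does, setting `ENABLE_SIGNUP` to `"false"` in an `env` block closes self-registration. The PVC, Deployment and Service set no `namespace`, unlike the Ingress that routes to `open-webui-service` in `default`.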

130
pihole/pihole.yaml Normal file

@@ -0,0 +1,130 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pihole-pvc
namespace: default
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pihole
namespace: default
labels:
app: pihole
spec:
replicas: 1
selector:
matchLabels:
app: pihole
template:
metadata:
labels:
app: pihole
spec:
containers:
- name: pihole
image: pihole/pihole:latest
ports:
- containerPort: 80
name: http
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 53
name: dns-udp
protocol: UDP
env:
- name: TZ
value: "Europe/Madrid"
#- name: WEBPASSWORD
#value: ""
#- name: FTLCONF_webserver_api_password
#value: ''
- name: FTLCONF_REPLY_ADDR4
value: pihole
- name: FTLCONF_dns_upstreams
value: "8.8.8.8;8.8.4.4"
#- name: PIHOLE_DNS_
#value: 127.0.0.1#5054
#- name: PIHOLE_DNS_
#value: "8.8.8.8;8.8.4.4"
#- name: DNSMASQ_LISTENING
#value: "all"
- name: FTLCONF_dns_listeningMode
value: "all"
- name: WEB_PORT
value: "80"
#- name: VIRTUAL_HOST
#value: "pihole"
#- name: FTLCONF_LOCAL_IPV4
#value: "0.0.0.0"
- name: SKIPGRAVITYONBOOT
value: "1"
volumeMounts:
- name: pihole-data
mountPath: /etc/pihole
#- name: pihole-dnsmasq
#mountPath: /etc/dnsmasq.d
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
securityContext:
capabilities:
add:
- NET_ADMIN
- SYS_TIME
- SYS_NICE
volumes:
- name: pihole-data
persistentVolumeClaim:
claimName: pihole-pvc
#- name: pihole-dnsmasq
#emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: pihole-web
namespace: default
labels:
app: pihole
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
selector:
app: pihole
---
apiVersion: v1
kind: Service
metadata:
name: pihole-dns
namespace: default
labels:
app: pihole
spec:
type: LoadBalancer # Change to NodePort or ClusterIP as needed
ports:
- port: 53
targetPort: 53
protocol: TCP
name: dns-tcp
- port: 53
targetPort: 53
protocol: UDP
name: dns-udp
selector:
app: pihole
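Review bot: The `securityContext` adds `NET_ADMIN`, `SYS_TIME` and `SYS_NICE`, yet this Deployment exposes only DNS and the web UI; Pi-hole documents `NET_ADMIN` as needed for DHCP and `SYS_TIME` for its NTP feature, so both can probably be dropped. `FTLCONF_dns_listeningMode: all` combined with the `LoadBalancer` Service makes the resolver answer any source that can reach the load-balancer address. If that address is ever routable from outside the LAN this becomes an open resolver, so restrict it, for example with `loadBalancerSourceRanges` where the load-balancer implementation honours it. The web password entries are commented out with empty values; when one is set it should come from a Secret via `valueFrom.secretKeyRef`, not a literal `value`. The env list mixes older names (`WEB_PORT`, `SKIPGRAVITYONBOOT`) with `FTLCONF_` ones, and with `pihole/pihole:latest` which of them take effect depends on the version pulled.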