Compare commits


17 Commits

Author SHA1 Message Date
aff653320c Update argocd/apps/matrix-mrt0rtikize.yaml 2026-06-13 15:44:37 +00:00
d6a1c03a54 test matrix ess part 2 2026-06-10 17:06:08 +03:00
f8fa6123a8 test matrix ess 2026-06-10 17:01:49 +03:00
529ab59711 add mmproj for vision 2026-06-10 16:43:31 +03:00
d160219c6b adjust llama gpu params 2026-06-09 20:28:21 +03:00
866a2d19de add space to llama gpu models pvc 2026-06-09 17:40:02 +03:00
03986d7979 change fast model 2026-06-09 17:34:31 +03:00
8157d70e3f Remove legacy manifest directories (migrated to manifests/ and bootstrap/) 2026-05-07 21:43:03 +03:00
03b5b6f07c Remove llama-server-cpu from ArgoCD manifests 2026-05-07 21:39:38 +03:00
231e90a965 Add Longhorn master-head deploy manifest for bootstrap 2026-05-07 21:34:57 +03:00
bbb99916c3 rm cpu llama 2026-05-07 21:17:56 +03:00
de18bc5428 Revert SillyTavern OIDC via oauth2-proxy 2026-05-07 18:11:11 +03:00
1eb168c1d9 Add MAS OIDC auth to SillyTavern via oauth2-proxy 2026-05-07 17:59:27 +03:00
1107e33cbf Ignore replica drift for llama deployments 2026-05-07 17:21:37 +03:00
5ea0790105 Add Ingress health check customization for ArgoCD 2026-05-07 17:06:51 +03:00
d5695f4f64 add ingress for argo 2026-05-07 16:48:47 +03:00
666b099e28 change pods count for llama 2026-05-07 16:48:27 +03:00
34 changed files with 5050 additions and 1602 deletions


@@ -20,3 +20,8 @@ spec:
selfHeal: true
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- group: apps
kind: Deployment
jsonPointers:
- /spec/replicas
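Review bot: The added `ignoreDifferences` entry only changes how Argo CD computes drift; any sync triggered by another change will still write the manifest's `replicas` back over the live value. If something else is meant to own the replica count, add `- RespectIgnoreDifferences=true` under `syncOptions`, next to `CreateNamespace=true`. The entry has no `name` or `namespace`, so it covers every Deployment in this Application; a short comment naming the deployments that are scaled out of band would make that scope deliberate. The `spec:` block starts outside the hunk.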


@@ -0,0 +1,51 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: matrix-mrt0rtikize
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: ghcr.io
chart: element-hq/ess-helm/matrix-stack
targetRevision: 26.6.1
helm:
values: |
serverName: mrt0rtikize.ru
certManager:
clusterIssuer: letsencrypt-production
ingress:
className: traefik
synapse:
ingress:
host: matrix.mrt0rtikize.ru
matrixAuthenticationService:
ingress:
host: account.mrt0rtikize.ru
elementWeb:
ingress:
host: chat.mrt0rtikize.ru
elementAdmin:
ingress:
host: admin.mrt0rtikize.ru
matrixRTC:
ingress:
host: mrtc.mrt0rtikize.ru
hookshot:
enabled: true
destination:
server: https://kubernetes.default.svc
namespace: matrix-mrt0rtikize
syncPolicy:
syncOptions:
- CreateNamespace=true
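Review bot: `project: default` places this Application in the project that, unless it has been tightened elsewhere, accepts any source repository and any destination namespace, so nothing confines the chart pulled from `ghcr.io` to `matrix-mrt0rtikize`. A dedicated AppProject whose `sourceRepos` and `destinations` list only this chart and namespace, referenced as `project: matrix` (name constructed for illustration), would bound what the release can create. The values also publish `elementAdmin` at `admin.mrt0rtikize.ru` and enable `hookshot` with no access restriction visible in this file; a comment stating how the admin host is protected would help the next reviewer.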


@@ -8,6 +8,11 @@ configs:
cm:
timeout.reconciliation: 180s
helm.timeoutSeconds: "300"
resource.customizations.health.networking.k8s.io_Ingress: |
hs = {}
hs.status = "Healthy"
hs.message = "Ingress is synced"
return hs
redis:
image:
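Review bot: The added `resource.customizations.health.networking.k8s.io_Ingress` script returns `Healthy` for every Ingress unconditionally, so an Ingress that never receives an address will still show green in Argo CD. If this works around Traefik not populating `status.loadBalancer`, say so in a comment above the key, e.g. `# Traefik does not publish an ingress address; the built-in check would stay Progressing`. A narrower alternative is to have Traefik publish its service address so the built-in check can stay in place. The `cm:` mapping continues outside the hunk.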


@@ -1,26 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: longhorn-ingress
namespace: longhorn-system
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
ingressClassName: traefik # We use Traefik as the ingress controller
tls:
- hosts:
- longhorn.mrt0rtikize.ru
secretName: longhorn-tls
rules:
- host: longhorn.mrt0rtikize.ru
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: longhorn-frontend # Service managing Longhorn dashboard
port:
number: 80 # Service port where Longhorn UI runs


@@ -1,23 +0,0 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: longhorn
provisioner: driver.longhorn.io
parameters:
numberOfReplicas: '2'
staleReplicaTimeout: '30'
allowVolumeExpansion: true
reclaimPolicy: Retain
volumeBindingMode: Immediate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: longhorn-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 2Gi


@@ -1,10 +0,0 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: default-address-pool
namespace: metallb-system
spec:
addresses:
- 10.0.0.120-10.0.0.200
autoAssign: true
avoidBuggyIPs: true


@@ -1,8 +0,0 @@
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: default-advertisement
namespace: metallb-system
spec:
ipAddressPools:
- default-address-pool


@@ -1,147 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: llama-server-cpu
namespace: llama
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: llama-server-cpu
template:
metadata:
labels:
app: llama-server-cpu
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
prometheus.io/path: "/metrics"
spec:
nodeSelector:
gpu: amd
initContainers:
- name: download-model
image: python:3.11-slim
env:
- name: HF_HOME
value: /models/.hf
- name: MODEL_REPO
value: "byteshape/Qwen3-Coder-30B-A3B-Instruct-GGUF"
- name: MODEL_FILE
value: "Qwen3-Coder-30B-A3B-Instruct-IQ4_XS-4.20bpw.gguf"
command:
- /bin/sh
- -c
- |
set -eux
MODEL_PATH="/models/${MODEL_FILE}"
if [ -f "${MODEL_PATH}" ]; then
echo "Model already exists at ${MODEL_PATH}, skipping download"
exit 0
fi
echo "Installing Hugging Face Hub downloader"
pip install --no-cache-dir huggingface_hub
echo "Downloading ${MODEL_REPO}/${MODEL_FILE}"
python - <<'PY'
import os
from huggingface_hub import hf_hub_download
repo_id = os.environ["MODEL_REPO"]
filename = os.environ["MODEL_FILE"]
token = os.environ.get("HUGGING_FACE_HUB_TOKEN")
path = hf_hub_download(
repo_id=repo_id,
filename=filename,
local_dir="/models",
local_dir_use_symlinks=False,
token=token,
)
print(f"Downloaded to: {path}")
PY
ls -lah /models
volumeMounts:
- name: models
mountPath: /models
containers:
- name: llama
image: ghcr.io/ggml-org/llama.cpp:server
args:
- "--model"
- "/models/Qwen3-Coder-30B-A3B-Instruct-IQ4_XS-4.20bpw.gguf"
- "--host"
- "0.0.0.0"
- "--port"
- "8080"
- "--metrics"
- "--ctx-size"
- "32768"
- "--parallel"
- "1"
- "--cache-type-k"
- "q8_0"
- "--cache-type-v"
- "q8_0"
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: models
mountPath: /models
resources:
requests:
cpu: "8"
memory: "24Gi"
limits:
cpu: "12"
memory: "24Gi"
volumes:
- name: models
persistentVolumeClaim:
claimName: llama-cpu-models-pvc
---
apiVersion: v1
kind: Service
metadata:
name: llama-server-cpu
namespace: llama
spec:
selector:
app: llama-server-cpu
ports:
- name: http
port: 8080
targetPort: http
type: ClusterIP
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: llama-server-cpu
namespace: llama
labels:
app: llama-server-cpu
spec:
namespaceSelector:
matchNames:
- llama
selector:
matchLabels:
app: llama-server-cpu
podMetricsEndpoints:
- port: http
path: /metrics
interval: 15s


@@ -1,62 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: radeon-exporter
namespace: llama
labels:
app: radeon-exporter
spec:
selector:
matchLabels:
app: radeon-exporter
template:
metadata:
labels:
app: radeon-exporter
spec:
nodeSelector:
gpu: amd
containers:
- name: radeon-exporter
image: kmulvey/radeon_exporter:latest
imagePullPolicy: IfNotPresent
ports:
- name: metrics
containerPort: 9200
securityContext:
privileged: true
volumeMounts:
- name: sys
mountPath: /sys
readOnly: true
- name: dri
mountPath: /dev/dri
readOnly: true
volumes:
- name: sys
hostPath:
path: /sys
type: Directory
- name: dri
hostPath:
path: /dev/dri
type: Directory
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: radeon-exporter
namespace: llama
labels:
monitoring: primary
spec:
namespaceSelector:
matchNames:
- llama
selector:
matchLabels:
app: radeon-exporter
podMetricsEndpoints:
- port: metrics
path: /metrics
interval: 15s


@@ -1,116 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: litellm-postgres
namespace: llama
type: Opaque
stringData:
POSTGRES_DB: litellm
POSTGRES_USER: litellm
POSTGRES_PASSWORD: 7792e47efbc7348155f54a15ed34dc1d06716b2b1848711d0ee90e3461883c0d
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: litellm-postgres
namespace: llama
labels:
app.kubernetes.io/name: litellm-postgres
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: litellm-postgres
namespace: llama
labels:
app.kubernetes.io/name: litellm-postgres
app.kubernetes.io/component: database
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: litellm-postgres
app.kubernetes.io/component: database
template:
metadata:
labels:
app.kubernetes.io/name: litellm-postgres
app.kubernetes.io/component: database
spec:
containers:
- name: postgres
image: postgres:16
imagePullPolicy: IfNotPresent
ports:
- name: postgres
containerPort: 5432
env:
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: litellm-postgres
key: POSTGRES_DB
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: litellm-postgres
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: litellm-postgres
key: POSTGRES_PASSWORD
volumeMounts:
- name: data
mountPath: /var/lib/postgresql
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"
initialDelaySeconds: 20
periodSeconds: 20
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 256Mi
volumes:
- name: data
persistentVolumeClaim:
claimName: litellm-postgres
---
apiVersion: v1
kind: Service
metadata:
name: litellm-postgres
namespace: llama
labels:
app.kubernetes.io/name: litellm-postgres
app.kubernetes.io/component: database
spec:
selector:
app.kubernetes.io/name: litellm-postgres
app.kubernetes.io/component: database
ports:
- name: postgres
port: 5432
targetPort: postgres
type: ClusterIP


@@ -1,202 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: litellm-secret
namespace: llama
labels:
app.kubernetes.io/name: litellm
app.kubernetes.io/component: gateway
type: Opaque
stringData:
LITELLM_MASTER_KEY: "6991c7c0f02b4bcf"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: litellm-config
namespace: llama
labels:
app.kubernetes.io/name: litellm
app.kubernetes.io/component: gateway
data:
config.yaml: |
model_list:
- model_name: fast
litellm_params:
model: openai/fast
api_base: "http://llama-server-gpu.llama.svc.cluster.local:8080/v1"
api_key: none
- model_name: smart
litellm_params:
model: openai/smart
api_base: "http://llama-server-cpu.llama.svc.cluster.local:8080/v1"
api_key: none
- model_name: rp
litellm_params:
model: openai/rp
api_base: "http://llama-server-gpu-rp.llama.svc.cluster.local:8080/v1"
api_key: none
litellm_settings:
callbacks:
- prometheus
general_settings:
store_model_in_db: true
store_prompts_in_spend_logs: true
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: litellm
namespace: llama
labels:
app.kubernetes.io/name: litellm
app.kubernetes.io/component: gateway
app.kubernetes.io/part-of: llama-stack
monitoring: prometheus
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: litellm
app.kubernetes.io/component: gateway
template:
metadata:
labels:
app.kubernetes.io/name: litellm
app.kubernetes.io/component: gateway
app.kubernetes.io/part-of: llama-stack
monitoring: prometheus
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "4000"
prometheus.io/path: "/metrics"
spec:
containers:
- name: litellm
image: ghcr.io/berriai/litellm:v1.82.6.rc.3
imagePullPolicy: IfNotPresent
args:
- "--config"
- "/app/config.yaml"
env:
- name: LITELLM_MASTER_KEY
valueFrom:
secretKeyRef:
name: litellm-secret
key: LITELLM_MASTER_KEY
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: litellm-postgres
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: litellm-postgres
key: POSTGRES_PASSWORD
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: litellm-postgres
key: POSTGRES_DB
- name: DATABASE_URL
value: "postgresql://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@litellm-postgres.llama.svc.cluster.local:5432/$(POSTGRES_DB)"
ports:
- name: http
containerPort: 4000
protocol: TCP
volumeMounts:
- name: litellm-config
mountPath: /app/config.yaml
subPath: config.yaml
resources:
requests:
cpu: "500m"
memory: "1Gi"
limits:
cpu: "1000m"
memory: "2Gi"
volumes:
- name: litellm-config
configMap:
name: litellm-config
---
apiVersion: v1
kind: Service
metadata:
name: litellm
namespace: llama
labels:
app.kubernetes.io/name: litellm
app.kubernetes.io/component: gateway
app.kubernetes.io/part-of: llama-stack
monitoring: prometheus
spec:
selector:
app.kubernetes.io/name: litellm
app.kubernetes.io/component: gateway
ports:
- name: http
port: 4000
targetPort: http
protocol: TCP
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: litellm
namespace: llama
labels:
app.kubernetes.io/name: litellm
app.kubernetes.io/component: gateway
app.kubernetes.io/part-of: llama-stack
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
ingressClassName: traefik
tls:
- hosts:
- litellm.mrt0rtikize.ru
secretName: web-echo-tls
rules:
- host: litellm.mrt0rtikize.ru
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: litellm
port:
number: 4000
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: litellm
namespace: llama
labels:
app.kubernetes.io/name: litellm
app.kubernetes.io/component: gateway
app.kubernetes.io/part-of: llama-stack
release: kube-prometheus-stack
spec:
namespaceSelector:
matchNames:
- llama
selector:
matchLabels:
app.kubernetes.io/name: litellm
app.kubernetes.io/component: gateway
podMetricsEndpoints:
- port: http
path: /metrics
interval: 30s


@@ -1,166 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: llama-server-gpu
namespace: llama
spec:
replicas: 1
selector:
matchLabels:
app: llama-server-gpu
template:
metadata:
labels:
app: llama-server-gpu
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
prometheus.io/path: "/metrics"
spec:
nodeSelector:
gpu: amd
initContainers:
- name: download-model
image: python:3.11-slim
env:
- name: HF_HOME
value: /models/.hf
- name: MODEL_REPO
value: "byteshape/Devstral-Small-2-24B-Instruct-2512-GGUF"
- name: MODEL_FILE
value: "Devstral-Small-2-24B-Instruct-2512-IQ4_XS-4.04bpw.gguf"
# optional, only if you need gated/private models
# - name: HUGGING_FACE_HUB_TOKEN
# valueFrom:
# secretKeyRef:
# name: hf-token
# key: token
command:
- /bin/sh
- -c
- |
set -eux
MODEL_PATH="/models/${MODEL_FILE}"
if [ -f "${MODEL_PATH}" ]; then
echo "Model already exists at ${MODEL_PATH}, skipping download"
exit 0
fi
echo "Installing Hugging Face Hub downloader"
pip install --no-cache-dir huggingface_hub
echo "Downloading ${MODEL_REPO}/${MODEL_FILE}"
python - <<'PY'
import os
from huggingface_hub import hf_hub_download
repo_id = os.environ["MODEL_REPO"]
filename = os.environ["MODEL_FILE"]
token = os.environ.get("HUGGING_FACE_HUB_TOKEN")
path = hf_hub_download(
repo_id=repo_id,
filename=filename,
local_dir="/models",
local_dir_use_symlinks=False,
token=token,
)
print(f"Downloaded to: {path}")
PY
ls -lah /models
volumeMounts:
- name: models
mountPath: /models
containers:
- name: llama
image: ghcr.io/ggml-org/llama.cpp:server-vulkan
args:
- "--model"
- "/models/Devstral-Small-2-24B-Instruct-2512-IQ4_XS-4.04bpw.gguf"
- "--host"
- "0.0.0.0"
- "--port"
- "8080"
- "--n-gpu-layers"
- "999"
- "--metrics"
# performance tuning
- "--ctx-size"
- "32768"
- "--parallel"
- "4"
# KV cache quantization
- "--cache-type-k"
- "q8_0"
- "--cache-type-v"
- "q8_0"
ports:
- name: http
containerPort: 8080
securityContext:
privileged: true
volumeMounts:
- name: models
mountPath: /models
- name: dri
mountPath: /dev/dri
resources:
requests:
cpu: "2"
memory: "4Gi"
limits:
cpu: "2"
memory: "4Gi"
volumes:
- name: models
persistentVolumeClaim:
claimName: llama-gpu-models-pvc
- name: dri
hostPath:
path: /dev/dri
type: Directory
---
apiVersion: v1
kind: Service
metadata:
name: llama-server-gpu
namespace: llama
spec:
selector:
app: llama-server-gpu
ports:
- name: http
port: 8080
targetPort: http
type: ClusterIP
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: llama-server-gpu
namespace: llama
labels:
app: llama-server-gpu
spec:
namespaceSelector:
matchNames:
- llama
selector:
matchLabels:
app: llama-server-gpu
podMetricsEndpoints:
- port: http
path: /metrics
interval: 15s


@@ -1,42 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: llama
---
# apiVersion: storage.k8s.io/v1
# kind: StorageClass
# metadata:
# name: longhorn-llama
# provisioner: driver.longhorn.io
# parameters:
# numberOfReplicas: "2"
# staleReplicaTimeout: "30"
# allowVolumeExpansion: true
# reclaimPolicy: Retain
# volumeBindingMode: Immediate
# ---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: llama-gpu-models-pvc
namespace: llama
spec:
accessModes:
- ReadWriteOnce
# storageClassName: longhorn-llama
resources:
requests:
storage: 50Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: llama-cpu-models-pvc
namespace: llama
spec:
accessModes:
- ReadWriteOnce
# storageClassName: longhorn-llama
resources:
requests:
storage: 100Gi


@@ -1,166 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: llama-server-gpu-rp
namespace: llama
spec:
replicas: 1
selector:
matchLabels:
app: llama-server-gpu-rp
template:
metadata:
labels:
app: llama-server-gpu-rp
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
prometheus.io/path: "/metrics"
spec:
nodeSelector:
gpu: amd
initContainers:
- name: download-model
image: python:3.11-slim
env:
- name: HF_HOME
value: /models/.hf
- name: MODEL_REPO
value: "mradermacher/Omega-Darker-Gaslight_The-Final-Forgotten-Fever-Dream-24B-GGUF"
- name: MODEL_FILE
value: "Omega-Darker-Gaslight_The-Final-Forgotten-Fever-Dream-24B.Q4_K_S.gguf"
# optional, only if you need gated/private models
# - name: HUGGING_FACE_HUB_TOKEN
# valueFrom:
# secretKeyRef:
# name: hf-token
# key: token
command:
- /bin/sh
- -c
- |
set -eux
MODEL_PATH="/models/${MODEL_FILE}"
if [ -f "${MODEL_PATH}" ]; then
echo "Model already exists at ${MODEL_PATH}, skipping download"
exit 0
fi
echo "Installing Hugging Face Hub downloader"
pip install --no-cache-dir huggingface_hub
echo "Downloading ${MODEL_REPO}/${MODEL_FILE}"
python - <<'PY'
import os
from huggingface_hub import hf_hub_download
repo_id = os.environ["MODEL_REPO"]
filename = os.environ["MODEL_FILE"]
token = os.environ.get("HUGGING_FACE_HUB_TOKEN")
path = hf_hub_download(
repo_id=repo_id,
filename=filename,
local_dir="/models",
local_dir_use_symlinks=False,
token=token,
)
print(f"Downloaded to: {path}")
PY
ls -lah /models
volumeMounts:
- name: models
mountPath: /models
containers:
- name: llama
image: ghcr.io/ggml-org/llama.cpp:server-vulkan
args:
- "--model"
- "/models/Omega-Darker-Gaslight_The-Final-Forgotten-Fever-Dream-24B.Q4_K_S.gguf"
- "--host"
- "0.0.0.0"
- "--port"
- "8080"
- "--n-gpu-layers"
- "999"
- "--metrics"
# performance tuning
- "--ctx-size"
- "32768"
- "--parallel"
- "1"
# KV cache quantization
- "--cache-type-k"
- "q8_0"
- "--cache-type-v"
- "q8_0"
ports:
- name: http
containerPort: 8080
securityContext:
privileged: true
volumeMounts:
- name: models
mountPath: /models
- name: dri
mountPath: /dev/dri
resources:
requests:
cpu: "2"
memory: "4Gi"
limits:
cpu: "2"
memory: "4Gi"
volumes:
- name: models
persistentVolumeClaim:
claimName: llama-gpu-models-pvc
- name: dri
hostPath:
path: /dev/dri
type: Directory
---
apiVersion: v1
kind: Service
metadata:
name: llama-server-gpu-rp
namespace: llama
spec:
selector:
app: llama-server-gpu-rp
ports:
- name: http
port: 8080
targetPort: http
type: ClusterIP
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: llama-server-gpu-rp
namespace: llama
labels:
app: llama-server-gpu-rp
spec:
namespaceSelector:
matchNames:
- llama
selector:
matchLabels:
app: llama-server-gpu-rp
podMetricsEndpoints:
- port: http
path: /metrics
interval: 15s


@@ -1,26 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana
namespace: metrics
name: argocd
namespace: argocd
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
ingressClassName: traefik
tls:
- hosts:
- grafana.mrt0rtikize.ru
secretName: grafana-tls
- argocd.mrt0rtikize.ru
secretName: argocd-tls
rules:
- host: grafana.mrt0rtikize.ru
- host: argocd.mrt0rtikize.ru
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kube-prometheus-stack-grafana
name: argocd-server
port:
number: 80
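Review bot: This Ingress publishes the Argo CD API and UI at `argocd.mrt0rtikize.ru` with only TLS annotations; nothing in the section limits who can reach the login page of the component that holds deploy rights over the cluster. Consider attaching a Traefik middleware (an IP allow-list or forward-auth) through the `traefik.ingress.kubernetes.io/router.middlewares` annotation, and confirm the built-in `admin` account is disabled or its password rotated. The backend is `argocd-server` on port `80`, which presumes the server runs with `server.insecure` set so that TLS ends at Traefik; that setting is not visible here and deserves a comment next to the `port` block.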


@@ -1,147 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: llama-server-cpu
namespace: llama
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: llama-server-cpu
template:
metadata:
labels:
app: llama-server-cpu
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
prometheus.io/path: "/metrics"
spec:
nodeSelector:
gpu: amd
initContainers:
- name: download-model
image: python:3.11-slim
env:
- name: HF_HOME
value: /models/.hf
- name: MODEL_REPO
value: "byteshape/Qwen3-Coder-30B-A3B-Instruct-GGUF"
- name: MODEL_FILE
value: "Qwen3-Coder-30B-A3B-Instruct-IQ4_XS-4.20bpw.gguf"
command:
- /bin/sh
- -c
- |
set -eux
MODEL_PATH="/models/${MODEL_FILE}"
if [ -f "${MODEL_PATH}" ]; then
echo "Model already exists at ${MODEL_PATH}, skipping download"
exit 0
fi
echo "Installing Hugging Face Hub downloader"
pip install --no-cache-dir huggingface_hub
echo "Downloading ${MODEL_REPO}/${MODEL_FILE}"
python - <<'PY'
import os
from huggingface_hub import hf_hub_download
repo_id = os.environ["MODEL_REPO"]
filename = os.environ["MODEL_FILE"]
token = os.environ.get("HUGGING_FACE_HUB_TOKEN")
path = hf_hub_download(
repo_id=repo_id,
filename=filename,
local_dir="/models",
local_dir_use_symlinks=False,
token=token,
)
print(f"Downloaded to: {path}")
PY
ls -lah /models
volumeMounts:
- name: models
mountPath: /models
containers:
- name: llama
image: ghcr.io/ggml-org/llama.cpp:server
args:
- "--model"
- "/models/Qwen3-Coder-30B-A3B-Instruct-IQ4_XS-4.20bpw.gguf"
- "--host"
- "0.0.0.0"
- "--port"
- "8080"
- "--metrics"
- "--ctx-size"
- "32768"
- "--parallel"
- "1"
- "--cache-type-k"
- "q8_0"
- "--cache-type-v"
- "q8_0"
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: models
mountPath: /models
resources:
requests:
cpu: "8"
memory: "24Gi"
limits:
cpu: "12"
memory: "24Gi"
volumes:
- name: models
persistentVolumeClaim:
claimName: llama-cpu-models-pvc
---
apiVersion: v1
kind: Service
metadata:
name: llama-server-cpu
namespace: llama
spec:
selector:
app: llama-server-cpu
ports:
- name: http
port: 8080
targetPort: http
type: ClusterIP
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: llama-server-cpu
namespace: llama
labels:
app: llama-server-cpu
spec:
namespaceSelector:
matchNames:
- llama
selector:
matchLabels:
app: llama-server-cpu
podMetricsEndpoints:
- port: http
path: /metrics
interval: 15s


@@ -27,9 +27,9 @@ spec:
- name: HF_HOME
value: /models/.hf
- name: MODEL_REPO
value: "byteshape/Devstral-Small-2-24B-Instruct-2512-GGUF"
value: "byteshape/Qwen3.6-35B-A3B-GGUF"
- name: MODEL_FILE
value: "Devstral-Small-2-24B-Instruct-2512-IQ4_XS-4.04bpw.gguf"
value: "Qwen3.6-35B-A3B-IQ3_S-3.00bpw.gguf"
# optional, only if you need gated/private models
# - name: HUGGING_FACE_HUB_TOKEN
# valueFrom:
@@ -82,7 +82,9 @@ spec:
image: ghcr.io/ggml-org/llama.cpp:server-vulkan
args:
- "--model"
- "/models/Devstral-Small-2-24B-Instruct-2512-IQ4_XS-4.04bpw.gguf"
- "/models/Qwen3.6-35B-A3B-IQ3_S-3.00bpw.gguf"
- "--mmproj"
- "/models/mmproj-bf16.gguf"
- "--host"
- "0.0.0.0"
- "--port"
@@ -93,9 +95,9 @@ spec:
# performance tuning
- "--ctx-size"
- "32768"
- "24576"
- "--parallel"
- "4"
- "2"
# KV cache quantization
- "--cache-type-k"
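Review bot: The new `--mmproj` argument points at `/models/mmproj-bf16.gguf`, but the only download inputs changed in this section are `MODEL_REPO` and `MODEL_FILE`. If the init container's script (outside the hunks) still fetches just `MODEL_FILE`, the projector file will be absent on a fresh PVC and the server container will fail to start. Add a second download for the projector, e.g. an `MMPROJ_FILE` env var (name constructed) fetched alongside the model, and make any skip-if-present check cover both files. Since the weights are pulled from a public hub at pod start, passing a fixed `revision=` to `hf_hub_download` would keep a changed upstream file from being loaded silently.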


@@ -26,7 +26,7 @@ spec:
# storageClassName: longhorn-llama
resources:
requests:
storage: 50Gi
storage: 100Gi
---
apiVersion: v1
kind: PersistentVolumeClaim


@@ -1,62 +0,0 @@
# metrics stack
Opinionated manifests for deploying kube-prometheus-stack (Prometheus Operator + Grafana) together with a VictoriaMetrics single-node database in the `metrics` namespace.
## Install / upgrade
```sh
kubectl apply -f metrics/namespace.yaml
# kube-prometheus-stack
target=sc prometheus-community
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm upgrade --install kube-prometheus-stack prometheus-community/kube-prometheus-stack \
--namespace metrics \
--values metrics/kube-prometheus-stack-values.yaml
kubectl --namespace metrics get secret kube-prometheus-stack-grafana \
-o jsonpath="{.data.admin-password}" | base64 -d
echo
# expose grafana via Traefik
kubectl apply -f metrics/grafana-ingress.yaml
kubectl -n metrics get ingress grafana
# victoria metrics for long-term storage
helm repo add victoria-metrics https://victoriametrics.github.io/helm-charts
helm upgrade --install victoria-metrics-single victoria-metrics/victoria-metrics-single \
--namespace metrics \
--values metrics/victoria-metrics-single-values.yaml
# expose victoria metrics via ClusterIP for Prometheus/Grafana
kubectl apply -f metrics/victoria-metrics-service.yaml
```
The manifests default to the Yandex Managed Kubernetes dynamic storage class `yc-network-hdd`; tweak the `storageClassName`/`storageClass` fields and capacities if you prefer something else.
Before applying `metrics/grafana-ingress.yaml`, update the host (`grafana.playground.t01tt.tech`) and, if needed, change the `cert-manager.io/cluster-issuer` annotation to match your staging/production workflow. The ingress uses the `traefik` ingress class.
## Components
- **Prometheus Operator** provisions Prometheus, Alertmanager and related CRDs. Remote write targets VictoriaMetrics for durable retention.
- **Grafana** is pre-provisioned with persistence enabled and a secondary data source pointing at VictoriaMetrics.
- **VictoriaMetrics** stores metrics for long-term retention while also serving query traffic for Grafana. A dedicated ClusterIP service (`metrics/victoria-metrics-service.yaml`) exposes port 8428 for Prometheus remote write and Grafana queries.
## Database choices
Prometheus ships with an embedded TSDB. For longer retention, clustering or multi-tenant needs you can offload data to:
- **VictoriaMetrics** (single, clustered, or managed) cost-efficient, Prometheus-compatible, supports multi-year retention.
- **Thanos / Cortex / Grafana Mimir** horizontally scalable object-storage backed TSDBs with multi-cluster federation.
- **ClickHouse / TimescaleDB / PostgreSQL** SQL stores for advanced analytics (requires Promscale or similar adapter).
- **Graphite / InfluxDB** legacy or streaming-friendly stores; integrate via remote write adapters.
Pick the backend that matches your retention and query latency requirements. Remote write configuration lives under `prometheus.prometheusSpec.remoteWrite` in `kube-prometheus-stack-values.yaml`.
## Post-install checks
```sh
kubectl -n metrics get pods
kubectl -n metrics get svc
kubectl -n metrics get prometheus,prometheusrules,servicemonitors -A
```


@@ -1,90 +0,0 @@
fullnameOverride: kube-prometheus
namespaceOverride: metrics
prometheusOperator:
namespace: metrics
admissionWebhooks:
failurePolicy: Ignore
alertmanager:
enabled: true
alertmanagerSpec:
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 200m
memory: 512Mi
storage:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
prometheus:
enabled: true
prometheusSpec:
replicas: 1
retention: 15d
walCompression: true
serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelectorNilUsesHelmValues: false
resources:
requests:
cpu: 100m
memory: 512Mi
limits:
cpu: 1000m
memory: 1Gi
storageSpec:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
remoteWrite:
- url: http://victoria-metrics.metrics.svc.cluster.local:8428/api/v1/write
queueConfig:
maxSamplesPerSend: 10000
capacity: 5000
maxShards: 30
kubeEtcd:
enabled: false
kubeControllerManager:
enabled: false
kubeScheduler:
enabled: false
kubeProxy:
enabled: false
grafana:
enabled: true
adminUser: admin
adminPassword: change-me
defaultDashboardsEnabled: true
resources:
requests:
cpu: 50m
memory: 256Mi
limits:
cpu: 200m
memory: 512Mi
persistence:
enabled: true
size: 10Gi
additionalDataSources:
- name: victoria-metrics
type: prometheus
access: proxy
url: http://victoria-metrics.metrics.svc.cluster.local:8428
isDefault: false


@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: metrics


@@ -1,19 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: victoria-metrics
namespace: metrics
labels:
app.kubernetes.io/name: victoria-metrics-single
app.kubernetes.io/instance: victoria-metrics-single
app: server
spec:
selector:
app.kubernetes.io/name: victoria-metrics-single
app.kubernetes.io/instance: victoria-metrics-single
app: server
ports:
- name: http
port: 8428
targetPort: 8428
type: ClusterIP


@@ -1,23 +0,0 @@
fullnameOverride: victoria-metrics-single
namespaceOverride: metrics
server:
retentionPeriod: 30d
scrapeInterval: 30s
replicaCount: 1
persistentVolume:
enabled: true
size: 200Gi
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 1Gi
service:
type: ClusterIP
port: 8428
serviceAccount:
create: true


@@ -1,122 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: sillytavern-config
namespace: sillytavern
data:
config.yaml: |
dataRoot: ./data
listen: true
listenAddress:
ipv4: 0.0.0.0
ipv6: '[::]'
protocol:
ipv4: true
ipv6: false
dnsPreferIPv6: false
browserLaunch:
enabled: false
browser: 'default'
hostname: 'auto'
port: -1
avoidLocalhost: false
port: 8000
ssl:
enabled: false
certPath: "./certs/cert.pem"
keyPath: "./certs/privkey.pem"
keyPassphrase: ""
whitelistMode: false
enableForwardedWhitelist: false
whitelist:
- ::1
- 127.0.0.1
whitelistDockerHosts: false
basicAuthMode: false
basicAuthUser:
username: "user"
password: "password"
enableCorsProxy: false
requestProxy:
enabled: false
url: "socks5://username:password@example.com:1080"
bypass:
- localhost
- 127.0.0.1
enableUserAccounts: false
enableDiscreetLogin: false
perUserBasicAuth: false
sso:
autheliaAuth: false
authentikAuth: false
hostWhitelist:
enabled: false
scan: true
hosts: []
sessionTimeout: -1
disableCsrfProtection: false
securityOverride: false
logging:
enableAccessLog: true
minLogLevel: 0
rateLimiting:
preferRealIpHeader: false
backups:
common:
numberOfBackups: 50
chat:
enabled: true
checkIntegrity: true
maxTotalBackups: -1
throttleInterval: 10000
thumbnails:
enabled: true
format: "jpg"
quality: 95
dimensions: { 'bg': [160, 90], 'avatar': [96, 144], 'persona': [96, 144] }
performance:
lazyLoadCharacters: false
memoryCacheCapacity: '100mb'
useDiskCache: true
cacheBuster:
enabled: false
userAgentPattern: ''
allowKeysExposure: false
skipContentCheck: false
whitelistImportDomains:
- localhost
- cdn.discordapp.com
- files.catbox.moe
- raw.githubusercontent.com
- char-archive.evulid.cc
requestOverrides: []
extensions:
enabled: true
autoUpdate: true
models:
autoDownload: true
classification: Cohee/distilbert-base-uncased-go-emotions-onnx
captioning: Xenova/vit-gpt2-image-captioning
embedding: Cohee/jina-embeddings-v2-base-en
speechToText: Xenova/whisper-small
textToSpeech: Xenova/speecht5_tts
enableDownloadableTokenizers: true
promptPlaceholder: "[Start a new chat]"
openai:
randomizeUserId: false
captionSystemPrompt: ""
deepl:
formality: default
mistral:
enablePrefix: false
ollama:
keepAlive: -1
batchSize: -1
claude:
enableSystemPromptCache: false
cachingAtDepth: -1
extendedTTL: false
gemini:
apiVersion: 'v1beta'
enableServerPlugins: false
enableServerPluginsAutoUpdate: true


@@ -1,61 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: sillytavern
namespace: sillytavern
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: sillytavern
template:
metadata:
labels:
app: sillytavern
spec:
containers:
- name: sillytavern
image: ghcr.io/sillytavern/sillytavern:latest
ports:
- containerPort: 8000
protocol: TCP
env:
- name: NODE_ENV
value: production
- name: FORCE_COLOR
value: "1"
envFrom:
- secretRef:
name: sillytavern-auth
volumeMounts:
- name: config
mountPath: /home/node/app/config/config.yaml
subPath: config.yaml
- name: data
mountPath: /home/node/app/data
- name: plugins
mountPath: /home/node/app/plugins
- name: extensions
mountPath: /home/node/app/public/scripts/extensions/third-party
resources:
requests:
cpu: "1"
memory: 1Gi
limits:
cpu: "4"
memory: 4Gi
volumes:
- name: config
configMap:
name: sillytavern-config
- name: data
persistentVolumeClaim:
claimName: sillytavern-data
- name: plugins
persistentVolumeClaim:
claimName: sillytavern-plugins
- name: extensions
persistentVolumeClaim:
claimName: sillytavern-extensions


@@ -1,30 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sillytavern
namespace: sillytavern
labels:
app.kubernetes.io/name: sillytavern
app.kubernetes.io/component: frontend
app.kubernetes.io/part-of: sillytavern
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
ingressClassName: traefik
tls:
- hosts:
- sillytavern.mrt0rtikize.ru
secretName: sillytavern-tls
rules:
- host: sillytavern.mrt0rtikize.ru
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: sillytavern
port:
number: 8000


@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: sillytavern


@@ -1,35 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sillytavern-data
namespace: sillytavern
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sillytavern-plugins
namespace: sillytavern
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sillytavern-extensions
namespace: sillytavern
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi


@@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: sillytavern-auth
namespace: sillytavern
type: Opaque
stringData:
SILLYTAVERN_BASICAUTHMODE: "true"
SILLYTAVERN_BASICAUTHUSER_USERNAME: admin
SILLYTAVERN_BASICAUTHUSER_PASSWORD: 0cdaa30c396dae77


@@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: sillytavern
namespace: sillytavern
spec:
selector:
app: sillytavern
ports:
- port: 8000
targetPort: 8000
protocol: TCP
type: ClusterIP