From 1357498b2e898c3deff1326cd6e1f50cdef88b7c Mon Sep 17 00:00:00 2001 From: Moritz Graf Date: Mon, 21 Apr 2025 16:11:22 +0200 Subject: [PATCH] Adding current state that was previously created to make the repo cleaner --- k8s/README.md | 18 +++- k8s/devbox.json | 14 +++ k8s/devbox.lock | 73 +++++++++++++++ k8s/influxdb/influxdb2.secret.yml | 51 ++++++++++ k8s/llm/llama_cpp_hosting.yaml | 135 +++++++++++++++++++++++++++ k8s/llm_hosting.md | 24 +++++ k8s/migrate/migrate_snmp.secret.yaml | Bin 0 -> 1417 bytes k8s/migrate/rclone.secret.yml | 11 +++ 8 files changed, 321 insertions(+), 5 deletions(-) create mode 100644 k8s/devbox.json create mode 100644 k8s/devbox.lock create mode 100644 k8s/influxdb/influxdb2.secret.yml create mode 100644 k8s/llm/llama_cpp_hosting.yaml create mode 100644 k8s/llm_hosting.md create mode 100644 k8s/migrate/migrate_snmp.secret.yaml create mode 100644 k8s/migrate/rclone.secret.yml diff --git a/k8s/README.md b/k8s/README.md index e30fa9a..e80affc 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -560,7 +560,17 @@ Test imap from console: openssl s_client -crlf -connect moritzgraf.de:993 ``` -### migrate +### migrate to GoogleWorkspace + +Namespace `migrate`is used. + +``` +kubectl create ns migrate +``` + + + +### old migrate (from before GoogleWorkspace) ```sh # backup on moritzgraf.de @@ -594,11 +604,9 @@ Checks: * browser mail.moritzgraf.de & login * browser mail.moritzgraf.de/admin -## Add mopbot & corona & corona-api +## mopbot -```sh -kubectl apply -f datalab/ -``` +Mopbot deployment has been moved to the mopbot repository itself. ## zebrium diff --git a/k8s/devbox.json b/k8s/devbox.json new file mode 100644 index 0000000..5a50a91 --- /dev/null +++ b/k8s/devbox.json 
@@ -0,0 +1,14 @@
+{
+ "$schema": "https://raw.githubusercontent.com/jetify-com/devbox/0.12.0/.schema/devbox.schema.json",
+ "packages": ["wireguard-tools@latest"],
+ "shell": {
+ "init_hook": [
+ "echo 'Welcome to devbox!' > /dev/null"
+ ],
+ "scripts": {
+ "test": [
+ "echo \"Error: no test specified\" && exit 1"
+ ]
+ }
+ }
+}
diff --git a/k8s/devbox.lock b/k8s/devbox.lock
new file mode 100644
index 0000000..5a66bd4
--- /dev/null
+++ b/k8s/devbox.lock
@@ -0,0 +1,73 @@ +{ + "lockfile_version": "1", + "packages": { + "wireguard-tools@latest": { + "last_modified": "2024-08-14T11:41:26Z", + "resolved": "github:NixOS/nixpkgs/0cb2fd7c59fed0cd82ef858cbcbdb552b9a33465#wireguard-tools", + "source": "devbox-search", + "version": "1.0.20210914", + "systems": { + "aarch64-darwin": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/m87fr53h4yn9ivzx623vb6jndilnab03-wireguard-tools-1.0.20210914", + "default": true + }, + { + "name": "man", + "path": "/nix/store/w7wg6y3mdb1b8jwr1l2c7a1ja4x8znbz-wireguard-tools-1.0.20210914-man", + "default": true + } + ], + "store_path": "/nix/store/m87fr53h4yn9ivzx623vb6jndilnab03-wireguard-tools-1.0.20210914" + }, + "aarch64-linux": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/yx0kjydlczhjalaimzgyd16l6anxafrl-wireguard-tools-1.0.20210914", + "default": true + }, + { + "name": "man", + "path": "/nix/store/ljr81m9ahrv4n3h0csqc8mlxc0i3av3l-wireguard-tools-1.0.20210914-man", + "default": true + } + ], + "store_path": "/nix/store/yx0kjydlczhjalaimzgyd16l6anxafrl-wireguard-tools-1.0.20210914" + }, + "x86_64-darwin": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/xn4rbg2fz0fcz62nfpmpcnihf9rfm5r0-wireguard-tools-1.0.20210914", + "default": true + }, + { + "name": "man", + "path": "/nix/store/72xv0pyigi6lxjpw5l5mvgvs34m9rpg1-wireguard-tools-1.0.20210914-man", + "default": true + } + ], + "store_path": "/nix/store/xn4rbg2fz0fcz62nfpmpcnihf9rfm5r0-wireguard-tools-1.0.20210914" + }, + "x86_64-linux": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/8wgicrd7x6mvbgwyfw2sdkjcb0fjfwsb-wireguard-tools-1.0.20210914", + "default": true + }, + { + "name": "man", + "path": "/nix/store/5ri4kwk5x0bk8xd5hx4fgqbbcxkgzlzr-wireguard-tools-1.0.20210914-man", + "default": true + } + ], + "store_path": "/nix/store/8wgicrd7x6mvbgwyfw2sdkjcb0fjfwsb-wireguard-tools-1.0.20210914" + } + } + } + } +} 
diff --git a/k8s/influxdb/influxdb2.secret.yml b/k8s/influxdb/influxdb2.secret.yml
new file mode 100644
index 0000000..9f5bcf1
--- /dev/null
+++ b/k8s/influxdb/influxdb2.secret.yml
@@ -0,0 +1,51 @@
+## Create default user through docker entrypoint
+## Defaults indicated below
+##
+adminUser:
+ organization: "influxdata"
+ bucket: "default"
+ user: "admin"
+ retention_policy: "0s"
+ ## Leave empty to generate a random password and token.
+ ## Or fill any of these values to use fixed values.
+ password: "doa6seetaTh6wu3Iech5al0Aiquiog"
+ #token: "enaiY9yaiWi6ahv0phoph3FaiphoGh"
+
+ ## The password and token are obtained from an existing secret. The expected
+ ## keys are `admin-password` and `admin-token`.
+ ## If set, the password and token values above are ignored.
+ # existingSecret: influxdb-auth
+
+## Persist data to a persistent volume
+##
+persistence:
+ enabled: true
+ ## If true will use an existing PVC instead of creating one
+ # useExisting: false
+ ## Name of existing PVC to be used in the influx deployment
+ # name:
+ ## influxdb data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ mountPath: /var/lib/influxdb2
+ subPath: ""
+
+ingress:
+ enabled: false
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # className: nginx
+ tls: false
+ # secretName: my-tls-cert # only needed if tls above is true or default certificate is not configured for Nginx
+ hostname: influxdb.foobar.com
+ annotations: {}
+ # kubernetes.io/ingress.class: "nginx"
+ # kubernetes.io/tls-acme: "true"
+ path: /
\ No newline at end of file
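Review bot: `adminUser.password` carries a literal admin password in a file committed to the repository, and the commented `#token:` line below it holds what looks like a token value as well. The file already documents the alternative: drop the literal and enable `existingSecret: influxdb-auth`, with that Secret created outside git; the value committed here should be treated as exposed and rotated. The same defect recurs in two later hunks of this patch: the `llama-auth` Secret in k8s/llm/llama_cpp_hosting.yaml (its comment spells out the basic-auth credentials next to the hash, and `data:` is only base64) and the Dropbox token in k8s/migrate/rclone.secret.yml. k8s/migrate/migrate_snmp.secret.yaml arrives as a binary patch while the two `.secret.yml` files are plaintext, so if the repository encrypts secrets by filename pattern, that pattern presumably matches `.secret.yaml` only; this is worth checking.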
diff --git a/k8s/llm/llama_cpp_hosting.yaml b/k8s/llm/llama_cpp_hosting.yaml
new file mode 100644
index 0000000..8d4f4af
--- /dev/null
+++ b/k8s/llm/llama_cpp_hosting.yaml
@@ -0,0 +1,135 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: llm
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: llama-cpp-server
+ namespace: llm
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: llama-cpp-server
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: llama-cpp-server
+ spec:
+ initContainers:
+ - name: download-model
+ image: curlimages/curl
+ command:
+ - /bin/sh
+ - -c
+ - |
+ MODEL_URL="https://huggingface.co/QuantFactory/Meta-Llama-3-8B-Instruct-GGUF/resolve/main/Meta-Llama-3-8B-Instruct.Q8_0.gguf?download=true"
+ MODEL_FILE="/models/Meta-Llama-3-8B-Instruct.Q8_0.gguf"
+ # Purge everything except the desired model file
+ find /models -type f ! -name "$(basename $MODEL_FILE)" -delete
+ # Check if the model file does not exist and then download it
+ if [ ! -f $MODEL_FILE ]; then
+ curl -L -o $MODEL_FILE $MODEL_URL
+ fi
+ volumeMounts:
+ - name: model-storage
+ mountPath: /models
+ containers:
+ - name: llama-cpp-server
+ image: ghcr.io/ggerganov/llama.cpp:server
+ command:
+ - /server
+ - -m
+ - "/models/Meta-Llama-3-8B-Instruct.Q8_0.gguf"
+ - --port
+ - "8000"
+ - --host
+ - "0.0.0.0"
+ - -n
+ - "512"
+ resources:
+ requests:
+ memory: "18Gi"
+ cpu: 0.1
+ volumeMounts:
+ - name: model-storage
+ mountPath: /models
+ volumes:
+ - name: model-storage
+ persistentVolumeClaim:
+ claimName: llama-model-pvc
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: llama-model-pvc
+ namespace: llm
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: llama-server-service
+ namespace: llm
+spec:
+ type: ClusterIP
+ selector:
+ app: llama-cpp-server
+ ports:
+ - protocol: TCP
+ port: 8000
+ targetPort: 8000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: llama-server-service
+ namespace: llm
+ annotations:
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/auth-realm: Authentication Required - llama webui
+ nginx.ingress.kubernetes.io/auth-secret: llama-auth
+ nginx.ingress.kubernetes.io/auth-type: basic
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ kubernetes.io/ingress.class: nginx
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - "llama.moritzgraf.de"
+ secretName: llama-moritzgraf-de
+ rules:
+ - host: llama.moritzgraf.de
+ http:
+ paths:
+ - backend:
+ service:
+ name: llama-server-service
+ port:
+ number: 8000
+ path: /
+ pathType: Prefix
+---
+apiVersion: v1
+data:
+ # fabian:stinkt
+ # $htpasswd -c auth fabian
+ # -> Creates file auth with creds, does not work in git repo. unkn why.
+ auth: ZmFiaWFuOiRhcHIxJHRTV3YzU3hOJHJPZEJ5WXhYdG4vbVJtSzhtaENWZy4K
+kind: Secret
+metadata:
+ name: llama-auth
+ namespace: llm
+type: Opaque
diff --git a/k8s/llm_hosting.md b/k8s/llm_hosting.md
new file mode 100644
index 0000000..bb7be45
--- /dev/null
+++ b/k8s/llm_hosting.md
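Review bot: The `download-model` init container keeps whatever `curl -L -o $MODEL_FILE $MODEL_URL` writes and never verifies it, so an HTTP error body or an interrupted transfer leaves a file that the `[ ! -f $MODEL_FILE ]` check accepts on every later start, and a changed upstream file would be served unchecked. Download to a temporary name with `-f`, compare against a pinned SHA-256 and only then move the file into place, as sketched below (this assumes the image ships `sha256sum`); the variables should also be quoted. Both images are referenced by mutable tags (`curlimages/curl` with no tag, `ghcr.io/ggerganov/llama.cpp:server`), so pinning each to a digest would keep the pod from silently picking up a different image on restart. The container has no memory limit next to its `18Gi` request, which is worth adding for a workload of this size.

```yaml
MODEL_SHA256="<expected-sha256>"   # placeholder: pin the digest published for this model file
# … unchanged: MODEL_URL, MODEL_FILE, purge of other files in /models …
if [ ! -f "$MODEL_FILE" ]; then
  curl -fL -o "$MODEL_FILE.part" "$MODEL_URL"
  echo "$MODEL_SHA256  $MODEL_FILE.part" | sha256sum -c - || { rm -f "$MODEL_FILE.part"; exit 1; }
  mv "$MODEL_FILE.part" "$MODEL_FILE"
fi
```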
@@ -0,0 +1,24 @@
+# llm-hosting
+
+This is an extended article to not have to write everything in the main readme. This chapter takes care of hosting llm models on the server.
+
+## deploy
+
+```sh
+kubectl apply -f llm/llama_cpp_hosting.yaml
+```
+
+## development
+
+```sh
+
+```
+
+## links
+
+Two examples of model files that are currently tried out:
+* [https://huggingface.co/MaziyarPanahi/Meta-Llama-3-70B-Instruct-GGUF/resolve/main/Meta-Llama-3-70B-Instruct.IQ1_S.gguf?download=true](https://huggingface.co/MaziyarPanahi/Meta-Llama-3-70B-Instruct-GGUF/resolve/main/Meta-Llama-3-70B-Instruct.IQ1_S.gguf?download=true)
+ * From [this page](https://huggingface.co/MaziyarPanahi/Meta-Llama-3-70B-Instruct-GGUF/tree/main).
+* [https://huggingface.co/QuantFactory/Meta-Llama-3-8B-Instruct-GGUF/resolve/main/Meta-Llama-3-8B-Instruct.Q8_0.gguf?download=true](https://huggingface.co/QuantFactory/Meta-Llama-3-8B-Instruct-GGUF/resolve/main/Meta-Llama-3-8B-Instruct.Q8_0.gguf?download=true)
+ * From [this page](https://huggingface.co/QuantFactory/Meta-Llama-3-8B-Instruct-GGUF/tree/main).
+
diff --git a/k8s/migrate/migrate_snmp.secret.yaml b/k8s/migrate/migrate_snmp.secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..0bb634d2fc398d11d915b97b63d105b6f858f75e GIT binary patch literal 1417 zcmV;41$O!XM@dveQdv+`0E^$Sh)y96U2oG&J%>Z`pyYa>aR-6#E0Px;AWPL_(ggb| zNdEijMc8gizew_@ky&c!?JU)Vi7-{ z z&mcXv&Or41o8;Gcm0XfH7DUaxw5Wg+sVdcBcGO(0=jd&}8mVhY-@U}~@VQ3)l%1I4 zP*P?SobcCLa1hUV1$ZTpeTi%Xb6LY<-V!I}0Ndx`22;F}PT#W_!Wri`*=UIAom`yc z8R%H>0{S8Qcz3RX1h5hsgSZyIbo20he$Uc^D7mHyTYh$SEJZ8>jjg2|neq97dFXN~ zWeRXM}OfO^=#y<`k|;oSLkZt`9#pBE&Fk++RSn_4adxP8 zP%H58WqIOD)agr3>=ecVb6I`xBt}=NM@&3YcK8Y=)F~+}+o6-NVK^@JexF-6$@-ic zkFrjovJd7RTT(mMpBfjwSQ^czxe_e^(35C7sqrjS{{P>p7~q<>3CJQg+Dd+j#RTa# z`7vB}d;m--43Q7=4EhJZ%C{OOAah6w8AdSx6WcS$HEFBY%0HQJv{v z7DThxRxd@=Bkuhp(g7N={k@g(fNbpUtW%y!Sd0wTAkr)EW6(-L@3| z%#${HOl(`HBX$b1FKVv^W*QbL{g5_SfuztZ>QW7Q1wJLv7ku&Zv%1$fAoBysgK z=pmYlAod&{hv-O>0<86EYmATMEOCA`FUSDQ9~-W$t`@y#UYrLG#I;MTPKT#4_euUDT|1#-@~_eS6xr6sr5AIhG0=aXtiW6MF%bg0zb4K+%V{KU0i)I#kzS~Go7(s3fCtIrjhQ&-M8jAJDH9`Og z+y>JSKMnHSw%ZT($NTXdZ0?|{A-$cy0#rpV z7H~dh#l+zi05C%&vS}a|uIoo_J8LS?Xf+J8D$Yp_n7r%VI#$jOGNOx5OM0OuI0sk5 zyFK8DQSgJRtAeCb&NiIv;c8b97c-%I4{a9F5I_zSvd(m^yJtO6YMe!YZmfC6he|2@ zBU~>WG5==P#$5j#$NLT7fY&i?T)YsGk>~8g1TU*w8CK2xGyg~MfC`1*DI(*p^Wy1s XhGQ;j=^vXoP`56vn=LoYDUd8}@eZ}j literal 0 HcmV?d00001 diff --git a/k8s/migrate/rclone.secret.yml b/k8s/migrate/rclone.secret.yml new file mode 100644 index 0000000..4e5f393 --- /dev/null +++ b/k8s/migrate/rclone.secret.yml @@ -0,0 +1,11 @@ +kind: ConfigMap +metadata: + creationTimestamp: null + name: rclone-dropbox-config + namespace: backup +apiVersion: v1 +data: + rclone.conf: | + [dropbox] + type = dropbox + token = {"access_token":"17hvEArIh3cAAAAAAAGTXUfwkGdz8EC_rDcEseLmSRltQoUz_AVceuUewx0sGMQ1","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
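Review bot: In k8s/migrate/rclone.secret.yml the Dropbox OAuth token sits under `data:` of a `kind: ConfigMap`, an object type not meant for credentials; ConfigMaps are typically readable by more principals than Secrets and are not covered by Secret encryption at rest. Store `rclone.conf` in a Secret instead, with `kind: Secret` and `stringData:` in place of `data:`, and keep the token value out of git; since it is committed here in plaintext it should be revoked and reissued. The manifest also targets `namespace: backup` although it lives under k8s/migrate and the README hunk of this patch introduces a `migrate` namespace, which may be unintended.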