cypher
/
betelgeusebytes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: cypher:f4ba4ba7d6eec7d6e257dd36ac4b06ef8e20a2e5
Branches Tags
cypher:main
..
compare: cypher:6463d4a1406f36d0b8261fd83553aff08252ac8b
Branches Tags
cypher:main

No commits in common. "f4ba4ba7d6eec7d6e257dd36ac4b06ef8e20a2e5" and "6463d4a1406f36d0b8261fd83553aff08252ac8b" have entirely different histories.
f4ba4ba7d6 ... 6463d4a140

6 changed files with 6 additions and 148 deletions
Show Stats Expand all files Collapse all files

22
ansible/inventories/prod/hosts-ha.ini
View File

@ -1,22 +0,0 @@
[k8s_control_plane]
hetzner-1 ansible_host=95.217.89.53 public_ip=95.217.89.53 wg_address=10.66.0.11
[new_control_planes]
cp-1 ansible_host=89.167.73.124 public_ip=89.167.73.124 wg_address=10.66.0.1
cp-2 ansible_host=46.62.155.1 public_ip=46.62.155.1 wg_address=10.66.0.2
cp-3 ansible_host=37.27.200.183 public_ip=37.27.200.183 wg_address=10.66.0.3
[k8s_workers]
hetzner-1 ansible_host=95.217.89.53 public_ip=95.217.89.53 wg_address=10.66.0.11
hetzner-2 ansible_host=138.201.254.97 public_ip=138.201.254.97 wg_address=10.66.0.12
[k8s_nodes:children]
k8s_control_plane
k8s_workers
new_control_planes
[all:vars]
ansible_user=root
ansible_password=3Lcd0504
ansible_become=true

60
ansible/playbooks/bootstrap-new-cps.yaml
View File

@ -1,60 +0,0 @@
---
# Step 1: Install base packages on new CP nodes
- hosts: new_control_planes
become: yes
roles:
- common
- wireguard
- containerd
- kubernetes
# Step 2: Update WireGuard on existing nodes to know about new peers
- hosts: k8s_workers
become: yes
roles:
- wireguard
# Step 3: Get join credentials from existing CP
- hosts: k8s_control_plane[0]
become: yes
roles:
- kubeadm_cp_discovery
# Step 4: Join new nodes as control planes
- hosts: new_control_planes
become: yes
serial: 1 # Join one at a time for safety
tasks:
- name: Join as control plane
command: >-
{{ hostvars[groups['k8s_control_plane'][0]].kubeadm_cp_join_cmd }}
--control-plane-endpoint cp.k8s.betelgeusebytes.io:6443
--apiserver-advertise-address {{ wg_address }}
args:
creates: /etc/kubernetes/kubelet.conf
- name: Setup kubeconfig
shell: |
mkdir -p /root/.kube
cp -f /etc/kubernetes/admin.conf /root/.kube/config
- name: Update kubelet server to DNS endpoint
replace:
path: /etc/kubernetes/kubelet.conf
regexp: 'server: https://[0-9.]+:6443'
replace: 'server: https://cp.k8s.betelgeusebytes.io:6443'
- name: Update admin.conf server to DNS endpoint
replace:
path: /etc/kubernetes/admin.conf
regexp: 'server: https://[0-9.]+:6443'
replace: 'server: https://cp.k8s.betelgeusebytes.io:6443'
- name: Restart kubelet
service:
name: kubelet
state: restarted
- name: Taint node as control-plane only
command: kubectl taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane:NoSchedule --overwrite
delegate_to: "{{ groups['k8s_control_plane'][0] }}"

3
ansible/roles/wireguard/vars/main.yml
View File

@ -2,8 +2,5 @@ wg_interface: wg0
wg_port: 51820 wg_port: 51820
wg_cidr: 10.66.0.0/24 wg_cidr: 10.66.0.0/24
wg_nodes: wg_nodes:
cp-1: { address: 10.66.0.1, public_ip: "89.167.73.124" }
cp-2: { address: 10.66.0.2, public_ip: "46.62.155.1" }
cp-3: { address: 10.66.0.3, public_ip: "37.27.200.183" }
hetzner-1: { address: 10.66.0.11, public_ip: "95.217.89.53" } hetzner-1: { address: 10.66.0.11, public_ip: "95.217.89.53" }
hetzner-2: { address: 10.66.0.12, public_ip: "138.201.254.97" } hetzner-2: { address: 10.66.0.12, public_ip: "138.201.254.97" }

4
k8s/gitea/gitea.yaml
View File

@ -24,8 +24,8 @@ spec:
- { name: GITEA__database__DB_TYPE, value: "postgres" } - { name: GITEA__database__DB_TYPE, value: "postgres" }
- { name: GITEA__database__HOST, value: "postgres.db.svc.cluster.local:5432" } - { name: GITEA__database__HOST, value: "postgres.db.svc.cluster.local:5432" }
- { name: GITEA__database__NAME, value: "gitea" } - { name: GITEA__database__NAME, value: "gitea" }
- { name: GITEA__database__USER, value: "hadith_ingest" } - { name: GITEA__database__USER, value: "app" }
- { name: GITEA__database__PASSWD, value: "hadith_ingest" } - { name: GITEA__database__PASSWD, value: "pa$$word" }
ports: [{ containerPort: 3000 }] ports: [{ containerPort: 3000 }]
volumeMounts: volumeMounts:
- { name: data, mountPath: /data } - { name: data, mountPath: /data }

30
k8s/vllm/pv-pvc.yaml
View File

@ -1,30 +0,0 @@
# PV
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-vllm
spec:
capacity:
storage: 60Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: local-ssd-hetzner
local:
path: /mnt/local-ssd/vllm
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- hetzner-2
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata: { name: ollama-data, namespace: ml }
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: local-ssd-hetzner
resources: { requests: { storage: 60Gi } }

35
k8s/vllm/vllm.yaml
View File

@ -5,7 +5,7 @@ metadata:
name: pv-vllm name: pv-vllm
spec: spec:
capacity: capacity:
storage: 100Gi storage: 50Gi
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
@ -50,35 +50,8 @@ spec:
ollama serve & # start a temp daemon ollama serve & # start a temp daemon
sleep 2 sleep 2
# pull one or more small, quantized models for CPU # pull one or more small, quantized models for CPU
echo "Pulling model pack (CPU-friendly, reliable families)..."
ollama pull qwen2.5:3b-instruct-q4_K_M || true ollama pull qwen2.5:3b-instruct-q4_K_M || true
ollama pull llama3.2:3b-instruct-q4_K_M || true ollama pull llama3.2:3b-instruct-q4_K_M || true
# --- QWEN 3 (latest generation) ---
# fast + instruct
ollama pull qwen3:4b-instruct || true
# balanced default
ollama pull qwen3:8b || true
# higher quality (slower on CPU)
# ollama pull qwen3:14b || true
# --- CODING ---
ollama pull qwen2.5-coder:7b || true
# --- REASONING ---
ollama pull deepseek-r1:8b || true
# --- STRONG GENERALIST (long context) ---
# ollama pull mistral-nemo:latest || true
# --- SMALL + FAST FALLBACK ---
# ollama pull llama3.2:3b-instruct-q4_K_M || true
# ollama pull phi3.5:latest || true
# --- ALTERNATE GENERALIST ---
# ollama pull gemma2:9b || true
# --- EMBEDDINGS (for RAG) ---
# ollama pull qwen3-embedding:4b || true
pkill ollama || true pkill ollama || true
volumeMounts: volumeMounts:
- { name: data, mountPath: /root/.ollama } - { name: data, mountPath: /root/.ollama }
@ -92,8 +65,8 @@ spec:
volumeMounts: volumeMounts:
- { name: data, mountPath: /root/.ollama } - { name: data, mountPath: /root/.ollama }
resources: resources:
requests: { cpu: "4", memory: "16Gi" } requests: { cpu: "2", memory: "4Gi" }
limits: { cpu: "8", memory: "32Gi" } limits: { cpu: "4", memory: "8Gi" }
volumes: volumes:
- name: data - name: data
persistentVolumeClaim: { claimName: ollama-data } persistentVolumeClaim: { claimName: ollama-data }
@ -143,7 +116,7 @@ metadata: { name: ollama-data, namespace: ml }
spec: spec:
accessModes: ["ReadWriteOnce"] accessModes: ["ReadWriteOnce"]
storageClassName: local-ssd-hetzner storageClassName: local-ssd-hetzner
resources: { requests: { storage: 100Gi } } resources: { requests: { storage: 50Gi } }
# --- # ---
#old k8s/ai/vllm/svc-ing.yaml #old k8s/ai/vllm/svc-ing.yaml
# apiVersion: v1 # apiVersion: v1