bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 14 Actions Packages Projects Releases Wiki Activity
Files
5fe9e94993513e2bac74388b97cd95c13ceec4dd
bluejay-infra/apps/intranet/intranet.yaml

154 lines
3.8 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
apiVersion: v1
kind: Namespace
metadata:
name: intranet
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: intranet-vector-store
namespace: intranet
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
name: intranet-config
namespace: intranet
data:
KnowledgeApiKey: ""
TrustedHeaderSharedSecret: ""
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: intranet-web
namespace: intranet
labels:
app: intranet-web
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: intranet-web
template:
metadata:
labels:
app: intranet-web
spec:
containers:
- name: intranet-web
image: localhost/fc-intranet-web:v20260508-brochure-w1
imagePullPolicy: Never
ports:
- containerPort: 5300
name: http
env:
- name: ASPNETCORE_ENVIRONMENT
value: Production
- name: ASPNETCORE_URLS
value: "http://+:5300"
# Bulk corpus indexing on edge1 Pi 5 takes ~6s/chunk × 5665 chunks
# ≈ 9 hours. BLUEJAY-WS GPU (R9700, 32GB VRAM) does the same work
# in minutes. Memory: feedback_pi5_nomic_embed_slow.
- name: IntranetSearch__OllamaBaseUrl
value: "http://10.0.56.20:11434"
# Sprint E Phase 2α — JSON-file-backed PageReadingOverride persistence
# on the writable PVC at /data. Without this env var the
# intranet falls back to the in-memory store (loses state on
# pod restart). Master's PageReadingOverrideOptions binds
# PageReadingOverrides:FilePath.
- name: PageReadingOverrides__FilePath
value: "/data/page-reading-overrides.json"
- name: KnowledgeFleetSearch__BaseUrl
value: "https://knowledge.iamworkin.lan"
- name: KnowledgeFleetSearch__ApiKey
valueFrom:
configMapKeyRef:
name: intranet-config
key: KnowledgeApiKey
optional: true
- name: TrustedHeaderAuthentication__SharedSecret
valueFrom:
configMapKeyRef:
name: intranet-config
key: TrustedHeaderSharedSecret
optional: true
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "1Gi"
cpu: "1000m"
livenessProbe:
httpGet:
path: /health
port: 5300
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: 5300
initialDelaySeconds: 10
periodSeconds: 10
volumeMounts:
- name: vector-store
mountPath: /data
volumes:
- name: vector-store
persistentVolumeClaim:
claimName: intranet-vector-store
---
apiVersion: v1
kind: Service
metadata:
name: intranet-web
namespace: intranet
spec:
selector:
app: intranet-web
ports:
- port: 5300
targetPort: 5300
name: http
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: intranet-tls
namespace: intranet
spec:
secretName: intranet-tls
issuerRef:
name: step-ca-acme
kind: ClusterIssuer
dnsNames:
- intranet.iamworkin.lan
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: intranet
namespace: intranet
spec:
entryPoints:
- websecure
routes:
- match: Host(`intranet.iamworkin.lan`)
kind: Rule
services:
- name: intranet-web
port: 5300
tls:
secretName: intranet-tls
Reference in New Issue View Git Blame Copy Permalink