From 82f9ab4eadc58e38f2f671b4dbfeb480d68d48f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Limpinho?= <53994778+TomasLimpinho@users.noreply.github.com> Date: Tue, 30 Dec 2025 01:11:28 +0000 Subject: [PATCH] ai --- roles/cripto/files/ai-deployment.yaml | 94 +++++++++++++++++++ roles/cripto/files/ai-namespace.yaml | 4 + roles/cripto/files/ai-ollama-deployment.yaml | 97 ++++++++++++++++++++ roles/cripto/tasks/main.yml | 51 ++++++++++ roles/cripto/vars/main.yml | 4 + 5 files changed, 250 insertions(+) create mode 100644 roles/cripto/files/ai-deployment.yaml create mode 100644 roles/cripto/files/ai-namespace.yaml create mode 100644 roles/cripto/files/ai-ollama-deployment.yaml create mode 100644 roles/cripto/tasks/main.yml create mode 100644 roles/cripto/vars/main.yml diff --git a/roles/cripto/files/ai-deployment.yaml b/roles/cripto/files/ai-deployment.yaml new file mode 100644 index 0000000..9dbae2c --- /dev/null +++ b/roles/cripto/files/ai-deployment.yaml @@ -0,0 +1,94 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: fenix-ai +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: crypto-forecast-api-deployment + namespace: fenix-ai +spec: + replicas: 0 + selector: + matchLabels: + app: crypto-forecast-api + template: + metadata: + labels: + app: crypto-forecast-api + spec: + containers: + - name: crypto-forecast-api + image: gitea.fenix-dev.com/fenix-gitea-admin/fenix-cripto-api:0.0.19 + ports: + - containerPort: 8080 + resources: + limits: + nvidia.com/gpu: 1 # garante uso da tua RTX 4060 Ti + env: + - name: ASPNETCORE_ENVIRONMENT + value: Development + volumeMounts: + - name: model + mountPath: /models + volumes: + - name: model + persistentVolumeClaim: + claimName: crypto-forecast-api-model-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: crypto-forecast-api-svc + namespace: fenix-ai +spec: + selector: + app: crypto-forecast-api + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 + type: NodePort # ou LoadBalancer se tiveres suporte +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: crypto-forecast-api-model-pv + namespace: fenix-ai +spec: + capacity: + storage: 20Gi + storageClassName: fenix-ai-nfs-csi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + server: 192.168.1.22 + path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/fenix/ai/api/model +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: crypto-forecast-api-model-pvc + namespace: fenix-ai +spec: + storageClassName: fenix-ai-nfs-csi + accessModes: + - ReadWriteOnce + volumeName: crypto-forecast-api-model-pv + resources: + requests: + storage: 20Gi +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: fenix-ai-nfs-csi + namespace: fenix-ai +provisioner: nfs.csi.k8s.io +parameters: + server: 192.168.1.22 + share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/ +allowVolumeExpansion: true +reclaimPolicy: Retain \ No newline at end of file diff --git a/roles/cripto/files/ai-namespace.yaml b/roles/cripto/files/ai-namespace.yaml new file mode 100644 index 0000000..7f347b5 --- /dev/null +++ b/roles/cripto/files/ai-namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: fenix-ai \ No newline at end of file diff --git a/roles/cripto/files/ai-ollama-deployment.yaml b/roles/cripto/files/ai-ollama-deployment.yaml new file mode 100644 index 0000000..9a3f0d3 --- /dev/null +++ b/roles/cripto/files/ai-ollama-deployment.yaml @@ -0,0 +1,97 @@ +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: local-pool-2 + namespace: metallb-system +spec: + addresses: + - 192.168.1.100-192.168.1.200 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ollama-deployment + namespace: fenix-ai +spec: + replicas: 1 + selector: + matchLabels: + app: ollama + template: + metadata: + labels: + app: ollama + spec: + containers: + - name: ollama + image: ollama/ollama:latest + ports: + - containerPort: 11434 + resources: + limits: + nvidia.com/gpu: 1 # garante uso da tua RTX 4060 Ti + env: + - name: OLLAMA_HOST + value: "0.0.0.0" + volumeMounts: + - name: ollama-data + mountPath: /root/.ollama + volumes: + - name: ollama-data + persistentVolumeClaim: + claimName: ollama-data-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: ollama-api-svc + namespace: fenix-ai +spec: + selector: + app: ollama + ports: + - protocol: TCP + port: 11434 + targetPort: 11434 + type: NodePort # ou LoadBalancer se tiveres suporte +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: ollama-data-pv + namespace: fenix-ai +spec: + capacity: + storage: 20Gi + storageClassName: ollama-ai-nfs-csi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + server: 192.168.1.22 + path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/ollama +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: ollama-data-pvc + namespace: fenix-ai +spec: + storageClassName: ollama-ai-nfs-csi + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: ollama-ai-nfs-csi + namespace: fenix-ai +provisioner: nfs.csi.k8s.io +parameters: + server: 192.168.1.22 + share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/ollama +allowVolumeExpansion: true +reclaimPolicy: Retain diff --git a/roles/cripto/tasks/main.yml b/roles/cripto/tasks/main.yml new file mode 100644 index 0000000..dc13b5d --- /dev/null +++ b/roles/cripto/tasks/main.yml @@ -0,0 +1,51 @@ +- name: Remover o diretório /tmp/fenix-ai/kubernetes-files + ansible.builtin.file: + path: /tmp/fenix-ai/kubernetes-files + state: absent + +- name: Criar diretório temporário no remoto + file: + path: /tmp/fenix-ai/kubernetes-files + state: directory + mode: '0755' + +- name: Copy file with owner and permissions + ansible.builtin.copy: + src: ../files + dest: /tmp/fenix-ai/kubernetes-files + owner: fenix + group: root + mode: '0644' + + +#- name: Obter várias notas do Bitwarden +# shell: | +# echo "unlock" +# BW_SESSION=$(bw unlock {{ bw_password }} --raw) +# echo "get item" +# bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }} +# loop: +# - { id: "iac.ansible.stackarr.decluttarr.secret", dest: "/tmp/stack-arr/decluttarr/kubernetes-files/files/decluttarr-secret.yaml" } +# args: +# executable: /bin/bash +# environment: +# BW_PASSWORD: "{{ BW_PASSWORD }}" + + +- name: Listar conteúdo do diretório remoto + shell: ls -l /tmp/fenix-ai/kubernetes-files/files + register: resultado_ls + + +- name: Mostrar resultado do ls + debug: + var: resultado_ls.stdout_lines + + +- name: Aplicar o stolon + become: yes + become_user: fenix + shell: | + kubectl apply -f /tmp/fenix-ai/kubernetes-files/files/ + environment: + KUBECONFIG: /home/fenix/.kube/config \ No newline at end of file diff --git a/roles/cripto/vars/main.yml b/roles/cripto/vars/main.yml new file mode 100644 index 0000000..c8fe60b --- /dev/null +++ b/roles/cripto/vars/main.yml @@ -0,0 +1,4 @@ +bw_password: "{{ lookup('env', 'BW_PASSWORD') }}" +VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}" +BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}" +BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}" \ No newline at end of file