first commit

apps/code-server/README.md

@@ -0,0 +1,7 @@
+# code-server
+
+The base deploys code-server with a PVC, Service, and password Secret reference.
+
+The Secret is generated by the instance overlay. Do not commit real passwords or
+tokens to this catalog.
+

apps/code-server/base/deployment.yaml

@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: code-server
+  labels:
+    app.kubernetes.io/name: code-server
+    app.kubernetes.io/component: ide
+    app.kubernetes.io/part-of: ocdp-workload
+  annotations: {}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: code-server
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: code-server
+        app.kubernetes.io/component: ide
+        app.kubernetes.io/part-of: ocdp-workload
+    spec:
+      securityContext:
+        fsGroup: 1000
+      containers:
+        - name: code-server
+          image: codercom/code-server:latest
+          imagePullPolicy: IfNotPresent
+          args:
+            - --bind-addr
+            - 0.0.0.0:8080
+            - --auth
+            - password
+            - /home/coder/project
+          env:
+            - name: PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: code-server-auth
+                  key: password
+          ports:
+            - name: http
+              containerPort: 8080
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            requests:
+              cpu: "500m"
+              memory: 1Gi
+            limits:
+              cpu: "2"
+              memory: 4Gi
+          volumeMounts:
+            - name: workspace
+              mountPath: /home/coder/project
+      volumes:
+        - name: workspace
+          persistentVolumeClaim:
+            claimName: code-server-data
+

apps/code-server/base/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pvc.yaml
+  - deployment.yaml
+  - service.yaml
+

apps/code-server/base/pvc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: code-server-data
+  labels:
+    app.kubernetes.io/name: code-server
+    app.kubernetes.io/component: workspace-storage
+    app.kubernetes.io/part-of: ocdp-workload
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+

apps/code-server/base/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: code-server
+  labels:
+    app.kubernetes.io/name: code-server
+    app.kubernetes.io/component: ide
+    app.kubernetes.io/part-of: ocdp-workload
+spec:
+  selector:
+    app.kubernetes.io/name: code-server
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+

apps/code-server/components/ingress/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: code-server
+  labels:
+    app.kubernetes.io/name: code-server
+    app.kubernetes.io/component: ingress
+    app.kubernetes.io/part-of: ocdp-workload
+spec:
+  rules:
+    - host: code-server.example.local
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: code-server
+                port:
+                  name: http
+

apps/code-server/components/ingress/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - ingress.yaml
+

apps/code-server/components/nfs/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+  - path: pvc-rwx-patch.yaml
+    target:
+      kind: PersistentVolumeClaim
+      name: code-server-data
+

apps/code-server/components/nfs/pvc-rwx-patch.yaml

@@ -0,0 +1,4 @@
+- op: replace
+  path: /spec/accessModes/0
+  value: ReadWriteMany
+

apps/code-server/components/service-loadbalancer/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+  - path: service-loadbalancer-patch.yaml
+    target:
+      kind: Service
+      name: code-server
+

apps/code-server/components/service-loadbalancer/service-loadbalancer-patch.yaml

@@ -0,0 +1,4 @@
+- op: add
+  path: /spec/type
+  value: LoadBalancer
+

apps/code-server/components/service-nodeport/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+  - path: service-nodeport-patch.yaml
+    target:
+      kind: Service
+      name: code-server
+

apps/code-server/components/service-nodeport/service-nodeport-patch.yaml

@@ -0,0 +1,4 @@
+- op: add
+  path: /spec/type
+  value: NodePort
+

apps/litellm/README.md

@@ -0,0 +1,8 @@
+# litellm
+
+LiteLLM gateway with ConfigMap-backed model routing and Secret-backed runtime
+keys.
+
+The instance overlay should generate `litellm-secrets` and patch
+`config.yaml` for the selected upstream model.
+

apps/litellm/base/configmap.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: litellm-config
+  labels:
+    app.kubernetes.io/name: litellm
+    app.kubernetes.io/component: config
+    app.kubernetes.io/part-of: ocdp-workload
+data:
+  config.yaml: |
+    model_list:
+      - model_name: default
+        litellm_params:
+          model: openai/default
+          api_base: os.environ/LITELLM_UPSTREAM_API_BASE
+          api_key: os.environ/LITELLM_UPSTREAM_API_KEY
+    litellm_settings:
+      drop_params: true
+      request_timeout: 600
+

apps/litellm/base/deployment.yaml

@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: litellm
+  labels:
+    app.kubernetes.io/name: litellm
+    app.kubernetes.io/component: gateway
+    app.kubernetes.io/part-of: ocdp-workload
+  annotations: {}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: litellm
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: litellm
+        app.kubernetes.io/component: gateway
+        app.kubernetes.io/part-of: ocdp-workload
+    spec:
+      containers:
+        - name: litellm
+          image: docker.litellm.ai/berriai/litellm:main-stable
+          imagePullPolicy: IfNotPresent
+          args:
+            - --config
+            - /app/config.yaml
+            - --port
+            - "4000"
+            - --num_workers
+            - "2"
+          env:
+            - name: LITELLM_MASTER_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: litellm-secrets
+                  key: masterKey
+            - name: LITELLM_SALT_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: litellm-secrets
+                  key: saltKey
+            - name: LITELLM_UPSTREAM_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: litellm-secrets
+                  key: upstreamApiKey
+            - name: LITELLM_UPSTREAM_API_BASE
+              valueFrom:
+                secretKeyRef:
+                  name: litellm-secrets
+                  key: upstreamApiBase
+          ports:
+            - name: http
+              containerPort: 4000
+          readinessProbe:
+            httpGet:
+              path: /health/readiness
+              port: http
+          livenessProbe:
+            httpGet:
+              path: /health/liveliness
+              port: http
+          resources:
+            requests:
+              cpu: "250m"
+              memory: 512Mi
+            limits:
+              cpu: "1"
+              memory: 1Gi
+          volumeMounts:
+            - name: config
+              mountPath: /app/config.yaml
+              subPath: config.yaml
+      volumes:
+        - name: config
+          configMap:
+            name: litellm-config
+

apps/litellm/base/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - configmap.yaml
+  - deployment.yaml
+  - service.yaml
+

apps/litellm/base/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: litellm
+  labels:
+    app.kubernetes.io/name: litellm
+    app.kubernetes.io/component: gateway
+    app.kubernetes.io/part-of: ocdp-workload
+spec:
+  selector:
+    app.kubernetes.io/name: litellm
+  ports:
+    - name: http
+      port: 4000
+      targetPort: http
+

apps/litellm/components/ingress/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: litellm
+  labels:
+    app.kubernetes.io/name: litellm
+    app.kubernetes.io/component: ingress
+    app.kubernetes.io/part-of: ocdp-workload
+spec:
+  rules:
+    - host: litellm.example.local
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: litellm
+                port:
+                  name: http
+

apps/litellm/components/ingress/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - ingress.yaml
+

apps/litellm/components/service-loadbalancer/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+  - path: service-loadbalancer-patch.yaml
+    target:
+      kind: Service
+      name: litellm
+

apps/litellm/components/service-loadbalancer/service-loadbalancer-patch.yaml

@@ -0,0 +1,4 @@
+- op: add
+  path: /spec/type
+  value: LoadBalancer
+

apps/litellm/components/service-nodeport/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+  - path: service-nodeport-patch.yaml
+    target:
+      kind: Service
+      name: litellm
+

apps/litellm/components/service-nodeport/service-nodeport-patch.yaml

@@ -0,0 +1,4 @@
+- op: add
+  path: /spec/type
+  value: NodePort
+

apps/vllm-server/README.md

@@ -0,0 +1,8 @@
+# vllm-server
+
+OpenAI-compatible model serving with vLLM.
+
+The base is CPU-safe YAML. Add `components/gpu-nvidia` in environments that
+provide NVIDIA GPUs, and let the instance overlay patch model name, resources,
+and cache size.
+

apps/vllm-server/base/deployment.yaml

@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vllm-server
+  labels:
+    app.kubernetes.io/name: vllm-server
+    app.kubernetes.io/component: model-server
+    app.kubernetes.io/part-of: ocdp-workload
+  annotations: {}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: vllm-server
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: vllm-server
+        app.kubernetes.io/component: model-server
+        app.kubernetes.io/part-of: ocdp-workload
+    spec:
+      containers:
+        - name: vllm
+          image: vllm/vllm-openai:latest
+          imagePullPolicy: IfNotPresent
+          args:
+            - --host
+            - 0.0.0.0
+            - --port
+            - "8000"
+            - --model
+            - Qwen/Qwen2.5-7B-Instruct
+            - --served-model-name
+            - default
+          env:
+            - name: HF_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: vllm-secrets
+                  key: hfToken
+                  optional: true
+          ports:
+            - name: http
+              containerPort: 8000
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: http
+            initialDelaySeconds: 20
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: "2"
+              memory: 12Gi
+            limits:
+              cpu: "4"
+              memory: 24Gi
+

apps/vllm-server/base/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml
+  - service.yaml
+

apps/vllm-server/base/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: vllm-server
+  labels:
+    app.kubernetes.io/name: vllm-server
+    app.kubernetes.io/component: model-server
+    app.kubernetes.io/part-of: ocdp-workload
+spec:
+  selector:
+    app.kubernetes.io/name: vllm-server
+  ports:
+    - name: http
+      port: 8000
+      targetPort: http
+

apps/vllm-server/components/gpu-nvidia/gpu-patch.yaml

@@ -0,0 +1,7 @@
+- op: add
+  path: /spec/template/spec/runtimeClassName
+  value: nvidia
+- op: add
+  path: /spec/template/spec/containers/0/resources/limits/nvidia.com~1gpu
+  value: 1
+

apps/vllm-server/components/gpu-nvidia/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+  - path: gpu-patch.yaml
+    target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: vllm-server
+

apps/vllm-server/components/ingress/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vllm-server
+  labels:
+    app.kubernetes.io/name: vllm-server
+    app.kubernetes.io/component: ingress
+    app.kubernetes.io/part-of: ocdp-workload
+spec:
+  rules:
+    - host: vllm.example.local
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: vllm-server
+                port:
+                  name: http
+

apps/vllm-server/components/ingress/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - ingress.yaml
+

apps/vllm-server/components/pvc-cache/deployment-cache-patch.yaml

@@ -0,0 +1,17 @@
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: HF_HOME
+    value: /cache/huggingface
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts
+  value:
+    - name: model-cache
+      mountPath: /cache
+- op: add
+  path: /spec/template/spec/volumes
+  value:
+    - name: model-cache
+      persistentVolumeClaim:
+        claimName: vllm-cache
+

apps/vllm-server/components/pvc-cache/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - pvc.yaml
+patches:
+  - path: deployment-cache-patch.yaml
+    target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: vllm-server
+

apps/vllm-server/components/pvc-cache/pvc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: vllm-cache
+  labels:
+    app.kubernetes.io/name: vllm-server
+    app.kubernetes.io/component: model-cache
+    app.kubernetes.io/part-of: ocdp-workload
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+

apps/vllm-server/components/service-loadbalancer/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+  - path: service-loadbalancer-patch.yaml
+    target:
+      kind: Service
+      name: vllm-server
+

apps/vllm-server/components/service-loadbalancer/service-loadbalancer-patch.yaml

@@ -0,0 +1,4 @@
+- op: add
+  path: /spec/type
+  value: LoadBalancer
+

apps/vllm-server/components/service-nodeport/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+  - path: service-nodeport-patch.yaml
+    target:
+      kind: Service
+      name: vllm-server
+

apps/vllm-server/components/service-nodeport/service-nodeport-patch.yaml

@@ -0,0 +1,4 @@
+- op: add
+  path: /spec/type
+  value: NodePort
+