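---
# PV for paperclip — NFS via keepalived VIP (192.168.2.252), synced between
# Dell and HP.
# Data lives at /data/ai/paperclip on the active NFS host.
# NOTE(review): an `nfs` volume carries no credentials of its own; access to
# this data is whatever the export on the NFS hosts allows. Confirm the export
# is limited to the cluster node addresses.
apiVersion: v1
kind: PersistentVolume
metadata:
  annotations: {}
  name: paperclip-data-pv
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 50Gi
  nfs:
    path: /data/ai/paperclip
    server: 192.168.2.252
  # Retain: the data stays on the NFS export when the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  # Empty class disables dynamic provisioning; the PVC below binds by name.
  storageClassName: ""
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations: {}
  name: paperclip-data-pvc
  namespace: ai
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: ""
  # Pins this claim to the statically defined PV above.
  volumeName: paperclip-data-pv
---
# NOTE: Secret 'paperclip-secrets' must be created manually before the
# Deployment below can start. The Deployment reads the key
# PAPERCLIP_AGENT_JWT_SECRET from it; a Secret that lacks that key leaves the
# pod in CreateContainerConfigError.
#   kubectl create secret generic paperclip-secrets \
#     --from-literal=BETTER_AUTH_SECRET=REPLACE_WITH_RANDOM_VALUE \
#     --from-literal=PAPERCLIP_AGENT_JWT_SECRET=REPLACE_WITH_RANDOM_VALUE \
#     -n ai
# Values passed with --from-literal end up in shell history; --from-env-file
# with a file that is deleted afterwards avoids that.
# NOTE(review): BETTER_AUTH_SECRET is named here but no container env below
# references it — confirm whether the application needs it injected.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  labels:
    app: paperclip
  name: paperclip
  namespace: ai
spec:
  replicas: 1
  selector:
    matchLabels:
      app: paperclip
  # Recreate stops the old pod before starting the new one, so the single
  # ReadWriteOnce volume is never mounted by two pods during a rollout.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: paperclip
    spec:
      # NOTE(review): no pod- or container-level securityContext is set, so
      # the container runs with the image's default user and the runtime's
      # default capabilities. Consider runAsNonRoot, allowPrivilegeEscalation:
      # false, capabilities.drop: [ALL] and seccompProfile RuntimeDefault
      # once confirmed against the image; also check whether the default
      # service-account token needs to be mounted at all.
      containers:
        - command:
            - paperclipai
            - run
            - -d
            - /paperclip
          env:
            # Only secret material in the pod spec; everything else is plain
            # configuration.
            - name: PAPERCLIP_AGENT_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  key: PAPERCLIP_AGENT_JWT_SECRET
                  name: paperclip-secrets
            - name: PORT
              value: '3100'
            # Listens on all pod interfaces. The Service is ClusterIP, so the
            # port is reachable from other pods in the cluster without
            # passing through the Ingress auth check.
            # NOTE(review): a NetworkPolicy admitting only the ingress
            # controller would close that path — confirm cluster CNI support.
            - name: HOST
              value: 0.0.0.0
            - name: SERVE_UI
              value: 'true'
            - name: NODE_ENV
              value: production
            - name: PAPERCLIP_DEPLOYMENT_MODE
              value: authenticated
            - name: PAPERCLIP_DEPLOYMENT_EXPOSURE
              value: private
            - name: PAPERCLIP_PUBLIC_URL
              value: https://paperclip.vandachevici.ro
            - name: PAPERCLIP_MIGRATION_PROMPT
              value: never
            - name: PAPERCLIP_MIGRATION_AUTO_APPLY
              value: 'true'
            - name: HOME
              value: /paperclip
          # imagePullPolicy Never: the kubelet uses only an image already
          # present on the node. With the mutable `latest` tag the manifest
          # does not identify which build is running.
          # NOTE(review): a versioned tag or digest would make that auditable.
          image: paperclip:latest
          imagePullPolicy: Never
          # TCP probes only confirm the port accepts connections.
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 60
            periodSeconds: 20
            tcpSocket:
              port: 3100
          name: paperclip
          ports:
            - containerPort: 3100
              name: http
          readinessProbe:
            failureThreshold: 12
            initialDelaySeconds: 30
            periodSeconds: 10
            tcpSocket:
              port: 3100
          resources:
            limits:
              cpu: 2000m
              memory: 2Gi
            requests:
              cpu: 200m
              memory: 512Mi
          volumeMounts:
            # Same path as HOME and the `-d` data directory argument.
            - mountPath: /paperclip
              name: paperclip-data
      volumes:
        - name: paperclip-data
          persistentVolumeClaim:
            claimName: paperclip-data-pvc
---
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  labels:
    app: paperclip
  name: paperclip
  namespace: ai
spec:
  ports:
    - name: http
      port: 80
      targetPort: 3100
  selector:
    app: paperclip
  type: ClusterIP
---
# Ingress: TLS from cert-manager, with every request first checked against
# the authentik outpost via the nginx auth-url subrequest.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/proxy-buffering: 'off'
    nginx.ingress.kubernetes.io/proxy-read-timeout: '300'
    nginx.ingress.kubernetes.io/proxy-send-timeout: '300'
    nginx.ingress.kubernetes.io/auth-url: "https://auth.vandachevici.ro/outpost.goauthentik.io/auth/nginx"
    nginx.ingress.kubernetes.io/auth-signin: "https://auth.vandachevici.ro/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri"
    # Headers copied from the auth response onto the upstream request. They
    # identify the user only for traffic that actually came through this
    # Ingress; requests sent straight to the Service carry whatever the
    # client supplies.
    nginx.ingress.kubernetes.io/auth-response-headers: >-
      Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
  name: paperclip-ingress
  namespace: ai
spec:
  ingressClassName: nginx
  rules:
    - host: paperclip.vandachevici.ro
      http:
        paths:
          - backend:
              service:
                name: paperclip
                port:
                  name: http
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - paperclip.vandachevici.ro
      secretName: paperclip-tls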