From 500a9549ae18fd1aee627c3d50f6d8d8c563618c Mon Sep 17 00:00:00 2001
From: Michael Thomson <me@michaelthomson.dev>
Date: Tue, 12 May 2026 14:56:32 -0400
Subject: [PATCH] ollama

---
 apps/ollama/release.yaml                      | 46 +++++++++++++++++++
 apps/ollama/repository.yaml                   |  8 ++++
 bootstrap/apps/kustomization-ollama.yaml      | 19 ++++++++
 .../namespaces/namespace-ollama.yaml          |  8 ++++
 4 files changed, 81 insertions(+)
 create mode 100644 apps/ollama/release.yaml
 create mode 100644 apps/ollama/repository.yaml
 create mode 100644 bootstrap/apps/kustomization-ollama.yaml
 create mode 100644 infrastructure/namespaces/namespace-ollama.yaml

diff --git a/apps/ollama/release.yaml b/apps/ollama/release.yaml
new file mode 100644
index 0000000..3167d32
--- /dev/null
+++ b/apps/ollama/release.yaml
@@ -0,0 +1,46 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: ollama
+  namespace: ollama
+spec:
+  chart:
+    spec:
+      chart: ollama
+      version: 1.x
+      sourceRef:
+        kind: HelmRepository
+        name: ollama
+  interval: 15m
+  releaseName: ollama
+  values:
+    runtimeClassName: nvidia
+    ollama:
+      gpu:
+        enabled: true
+        type: nvidia
+        nvidiaResource: nvidia.com/gpu
+        number: 1
+      models:
+        pull:
+          - qwen3.5:9b
+        run:
+          - qwen3.5:9b
+    persistentVolume:
+      enabled: true
+      size: 50Gi
+    ingress:
+      enabled: true
+      annotations:
+        cert-manager.io/cluster-issuer: "letsencrypt-prod"
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+      hosts:
+        - host: ollama.michaelthomson.dev
+          paths:
+            - path: /
+              pathType: Prefix
+      tls:
+        - hosts:
+            - ollama.michaelthomson.dev
+          secretName: ollama-tls
diff --git a/apps/ollama/repository.yaml b/apps/ollama/repository.yaml
new file mode 100644
index 0000000..2f0307d
--- /dev/null
+++ b/apps/ollama/repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: ollama
+  namespace: ollama
+spec:
+  interval: 15m
+  url: https://helm.otwld.com/
diff --git a/bootstrap/apps/kustomization-ollama.yaml b/bootstrap/apps/kustomization-ollama.yaml
new file mode 100644
index 0000000..ba32615
--- /dev/null
+++ b/bootstrap/apps/kustomization-ollama.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: ollama
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: ./apps/ollama
+  prune: true
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  dependsOn:
+    - name: infra-configs
diff --git a/infrastructure/namespaces/namespace-ollama.yaml b/infrastructure/namespaces/namespace-ollama.yaml
new file mode 100644
index 0000000..b5ccde3
--- /dev/null
+++ b/infrastructure/namespaces/namespace-ollama.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ollama
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged