Hermes K8s Deployment
Deployment topology and resource layout for the hermes Kubernetes namespace.
Namespace Overview
| Resource | Kind | Details |
|---|---|---|
| hermes-agent | Deployment | Main gateway pod (Carnice-V2-27B model). Image from local registry. Sidecar: workspace, chat-shim. |
| qdrant | Deployment | Vector DB qdrant/qdrant:v1.12.5. REST :6333, gRPC :6334. PVC qdrant-storage (10 Gi). |
| tei-embedder | Deployment | HuggingFace TEI serving BAAI/bge-base-en-v1.5. REST :8080. PVC tei-models (5 Gi). |
| hermes-vector-watcher | Deployment | inotify watcher over /opt/data/wiki. Chunks → embed → upsert qdrant. |
| hermes-vector-reconcile | CronJob (17 * * * *) | Hourly safety net reconcile for the vector index. |
PVCs
| Name | Size | Access Mode | Used By |
|---|---|---|---|
| hermes-data | 20 Gi | RWO | hermes-agent (wiki, tasks, skills) |
| qdrant-storage | 10 Gi | RWO | qdrant (vector DB data) |
| tei-models | 5 Gi | RWO | tei-embedder (model cache) |
Ingresses
| Hostname | Service | Port |
|---|---|---|
| wiki.paralla.org | SilverBullet wiki server | :7300 |
| tasks.paralla.org | Task queue API | :80 |
| hermes.paralla.org | Hermes API gateway | :8000 |
Secrets
- hermes-agent: env vars for inference server URL, vector DB connection, email config
- himalaya: SMTP credentials for jarvis.paralla@gmail.com
- camofox-browser: credentials for proxy routing (NordVPN)
External Dependencies
| Service | Address | Purpose |
|---|---|---|
| Inference server | 192.168.100.106:8080 | llama.cpp serving Carnice-V2-27B Q5_K_M |
| GitLab | gitlab.paralla.org | Source repos, CI/CD |
| Slack | hermes-* channels | Notifications, task coordination |
Health Checks
```bash
# Agent pod status
kubectl -n hermes get pods -l app=hermes-agent
# Qdrant collection state
curl -s http://qdrant.hermes.svc.cluster.local:6333/collections/wiki | jq '.result.config.params.vectors'
# TEI embedder health
curl -s http://tei-embedder.hermes.svc.cluster.local:8080/health
# Inference server ping
curl -s http://192.168.100.106:8080/v1/models | jq '.data[0].id'
```
Key Constraints
- SOUL.md is read-only (ext4 overlay over CIFS PVC) — cannot write in-place
- Scheduler lock (`/opt/data/cron/.tick.lock`) is Longhorn PVC, cleared on container start by postStart hook
- Tirith blocks `python3 -c` and `sh -c` in `kubectl exec` — must write to file first
- Workspace context tag: `api_server` strips `<workspace_context .../>` prefix before forwarding
- hermes-agent-pod — gateway pod details (archived, content moved here)
- hermes-vector-stack — vector retrieval stack (page deleted, see archive)
- hermes-roadmap — infrastructure roadmap
- mercury-email-cron — email processing runbook (page moved to archive)