ADORSYS-GIS · Koufan-De-King · Mar 31, 2026 · Apr 1, 2026 · Apr 1, 2026 · Apr 1, 2026
diff --git a/charts/models-proxy/templates/networkpolicy.yaml b/charts/models-proxy/templates/networkpolicy.yaml
@@ -2,25 +2,30 @@
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: {{ include "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . }}
+  name: {{ .Release.Name }}-network-policy
+  namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/name: {{ include "common.names.name" . | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
 spec:
   podSelector:
     matchLabels:
-      {{- include "common.labels.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/name: {{ include "common.names.name" . | quote }}
+      app.kubernetes.io/instance: {{ .Release.Name | quote }}
   policyTypes:
     - Ingress
     - Egress
   ingress:
+    {{- range .Values.networkPolicy.ingressNamespaces }}
     - from:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: {{ .Release.Namespace }}
+              kubernetes.io/metadata.name: {{ . }}
       ports:
         - protocol: TCP
           port: 4000
+    {{- end }}
   egress:
     # Allow DNS resolution
     - to:

diff --git a/charts/models-proxy/values.yaml b/charts/models-proxy/values.yaml
@@ -1,125 +1,9 @@
-global:
-  litellm:
-    version: "v1.82.3-stable"
-  configmap:
-    name: "litellm-config"
-
-proxy:
-  defaultPodOptions:
-    automountServiceAccountToken: false
-    securityContext:
-      runAsNonRoot: true
-      runAsUser: 1000
-      runAsGroup: 1000
-      fsGroup: 1000
-      seccompProfile:
-        type: RuntimeDefault
-
-  service:
-    litellm:
-      enabled: true
-      annotations: { }
-      type: ClusterIP
-      controller: litellm
-      ports:
-        http:
-          enabled: true
-          port: 4000
-          targetPort: 4000
-
-  controllers:
-    litellm:
-      type: deployment
-      strategy: RollingUpdate
-      replicas: 1
-      pod:
-        labels:
-          app: proxy-app
-      containers:
-        litellm:
-          image:
-            repository: docker.litellm.ai/berriai/litellm
-            tag: "{{ .Values.global.litellm.version }}"
-          args:
-            - --config
-            - /app/config.yaml
-          env:
-            PUID: "1000"
-            PGID: "1000"
-            TZ: "Europe/Berlin"
-
-            LITELLM_MODE: "production"
-
-            REDIS_URL: "redis://redis-master.redis-system.svc.cluster.local:6379"
-
-            OPENAI_API_KEY:
-              secretKeyRef:
-                name: openai-api-key
-                key: apiKey
-
-            GEMINI_API_KEY:
-              secretKeyRef:
-                name: gemini-api-key
-                key: apiKey
-
-            #LITELLM_MASTER_KEY:
-            #  secretKeyRef:
-            #    name: proxy-api-key
-            #    key: apiKey
-
-          resources:
-            limits:
-              cpu: 1
-              memory: 1Gi
-            requests:
-              cpu: 500m
-              memory: 512Mi
-          securityContext:
-            runAsNonRoot: true
-            runAsUser: 1000
-            runAsGroup: 1000
-            allowPrivilegeEscalation: false
-            readOnlyRootFilesystem: true
-            capabilities:
-              drop:
-                - ALL
-          probes:
-            liveness:
-              enabled: false
-            readiness:
-              enabled: false
-
-  persistence:
-    config:
-      enabled: true
-      type: configMap
-      name: '{{ .Values.global.configmap.name }}'
-      advancedMounts:
-        litellm:
-          litellm:
-            - path: /app/config.yaml
-              subPath: config.yaml
-              readOnly: true
-    # Gemini thought signature patch - single source of truth for entire lifecycle
-    # Use proxy.persistence["gemini-patch"].enabled to enable/disable
-    # Use proxy.persistence["gemini-patch"].name to customize the ConfigMap name (optional)
-    gemini-patch:
-      enabled: true
-      name: litellm-gemini-plugin
-      type: configMap
-      advancedMounts:
-        litellm:
-          litellm:
-            - path: /app/litellm_gemini_patch.py
-              subPath: litellm_gemini_patch.py
-              readOnly: true
-
-  serviceAccount:
-    default:
-      enabled: false
-
 networkPolicy:
   enabled: true
+  # Namespace(s) that should be allowed to access the proxy
+  ingressNamespaces:
+    - converse-gateway
+    - default
   egressDestinations:
     # Google Gemini API
     - cidr: 0.0.0.0/0
@@ -131,51 +15,3 @@ networkPolicy:
       ports:
         - protocol: TCP
           port: 443
-
-config:
-  litellm_settings:
-    cache: True
-    cache_params: # set cache params for redis
-      type: redis
-      namespace: "litellm.caching.caching"
-    drop_params: true  # Required for Gemini 3 - drops unsupported params to prevent API errors
-  model_list:
-    # Explicit allowlist of supported models/providers
-    # Add new models here following the pattern below
-    # Format: model_name (how clients call it) -> litellm_params.model (how LiteLLM routes it)
-
-    # ── Google Gemini Pro models
-    - model_name: "gemini/gemini-3.1-pro-preview"
-      litellm_params:
-        model: "gemini/gemini-3.1-pro-preview"
-    - model_name: "gemini/gemini-2.5-pro"
-      litellm_params:
-        model: "gemini/gemini-2.5-pro"
-
-    # ── Google Gemini Flash models
-    - model_name: "gemini/gemini-3-flash"
-      litellm_params:
-        model: "gemini/gemini-3-flash"
-    - model_name: "gemini/gemini-2.5-flash"
-      litellm_params:
-        model: "gemini/gemini-2.5-flash"
-
-    # ── Google Gemini Lite models
-    - model_name: "gemini/gemini-3.1-flash-lite"
-      litellm_params:
-        model: "gemini/gemini-3.1-flash-lite"
-    - model_name: "gemini/gemini-2.5-flash-lite"
-      litellm_params:
-        model: "gemini/gemini-2.5-flash-lite"
-
-    # ── Google Gemini Image model
-    - model_name: "gemini/gemini-2.5-flash-image"
-      litellm_params:
-        model: "gemini/gemini-2.5-flash-image"
-
-    # ── Add more providers below following this pattern:
-    # - model_name: "provider/model-name"
-    #   litellm_params:
-    #     model: "provider/model-name"
-
-