From 8b5db2f58e2c2507aa58b20ff088ea8a572aba5b Mon Sep 17 00:00:00 2001
From: OG T <ogt@WOOOMacMiniM4.local>
Date: Wed, 8 Apr 2026 22:05:14 +0800
Subject: [PATCH] =?UTF-8?q?feat(infra):=20=E5=88=87=E6=8F=9B=20Ollama=20?=
 =?UTF-8?q?=E5=88=B0=20M1=20Pro=20192.168.0.111=20+=20NetworkPolicy=20?=
 =?UTF-8?q?=E6=9B=B4=E6=96=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- OLLAMA_URL: 188 → 111 (M1 Pro, 40+ tok/s vs 0.45 tok/s)
- OPENCLAW_DEFAULT_MODEL: qwen2.5:7b-instruct → deepseek-r1:14b (SRE最強推理)
- OPENCLAW_TIMEOUT: 90s → 120s (deepseek-r1:14b 實測最慢 54s)
- NetworkPolicy v1.3: 新增 192.168.0.111:11434 egress，移除 188 的 Ollama port

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 apps/api/src/core/config.py            |  8 ++++----
 k8s/awoooi-prod/02-network-policy.yaml | 18 +++++++++++++-----
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/apps/api/src/core/config.py b/apps/api/src/core/config.py
index 3b029584..0123444a 100644
--- a/apps/api/src/core/config.py
+++ b/apps/api/src/core/config.py
@@ -160,7 +160,7 @@ class Settings(BaseSettings):
     # External Services - Four Host Architecture
     # ==========================================================================
     OLLAMA_URL: str = Field(
-        default="http://192.168.0.188:11434",
+        default="http://192.168.0.111:11434",  # 2026-04-08 ogt: 切換至 M1 Pro (40+ tok/s vs 0.45 tok/s)
         description="Ollama LLM service URL",
     )
     # Deprecated: use OPENCLAW_URL instead
@@ -337,11 +337,11 @@ class Settings(BaseSettings):
         description="OpenClaw AI Agent service URL",
     )
     OPENCLAW_DEFAULT_MODEL: str = Field(
-        default="qwen2.5:7b-instruct",
-        description="Default Ollama model for RCA analysis (7B params, better Chinese)",
+        default="deepseek-r1:14b",  # 2026-04-08 ogt: SRE最強推理，M1 Pro實測 13 tok/s
+        description="Default Ollama model for RCA analysis",
     )
     OPENCLAW_TIMEOUT: int = Field(
-        default=90,
+        default=120,  # 2026-04-08 ogt: deepseek-r1:14b 實測最慢 54s，120s 含 buffer
         description="Timeout for OpenClaw AI calls (seconds)",
     )
 
diff --git a/k8s/awoooi-prod/02-network-policy.yaml b/k8s/awoooi-prod/02-network-policy.yaml
index e7b16b39..3a2c2071 100644
--- a/k8s/awoooi-prod/02-network-policy.yaml
+++ b/k8s/awoooi-prod/02-network-policy.yaml
@@ -1,8 +1,9 @@
 # AWOOOI 正式環境零信任網路策略
 # 負責人: CIO
-# 版本: v1.2
-# 日期: 2026-03-26
+# 版本: v1.3
+# 日期: 2026-04-08
 # 變更:
+#   - v1.3: 新增 192.168.0.111 Ollama 主機 (M1 Pro)，移除 188 的 Ollama port
 #   - v1.2: 修復 DNS 規則使用 namespaceSelector (ADR-011 Appendix B)
 #   - v1.1: 新增 Langfuse LLMOps (192.168.0.110:3100) - Phase 15.1
 #
@@ -93,9 +94,6 @@ spec:
         # Redis Stack (Docker)
         - protocol: TCP
           port: 6380
-        # Ollama (Docker)
-        - protocol: TCP
-          port: 11434
         # OpenClaw (clawbot Docker) - 2026-04-01 ogt: 修正為 8088 (clawbot-v5 使用 8088)
         - protocol: TCP
           port: 8088
@@ -113,6 +111,16 @@ spec:
         - protocol: TCP
           port: 8123
 
+    # 允許訪問 192.168.0.111 Ollama 主機 (MacBook Pro M1 Pro)
+    # 2026-04-08 ogt: 新增 — 切換 Ollama 到 M1 Pro，速度從 0.45→40+ tok/s
+    - to:
+        - ipBlock:
+            cidr: 192.168.0.111/32
+      ports:
+        # Ollama LLM API
+        - protocol: TCP
+          port: 11434
+
     # 允許訪問 192.168.0.110 DevOps 金庫 (Harbor + Sentry + Langfuse)
     # 2026-03-24 新增: Sentry Self-Hosted
     # 2026-03-26 新增: Langfuse LLMOps (Phase 15.1)