[ci skip] add Traefik topology spread, PDB (minAvailable=2), and 30s response timeout

2026-03-01 14:18:54 +00:00 · 2026-03-01 14:18:54 +00:00 · 0639719e5c
commit 0639719e5c
parent f37bcf4717
1 changed files with 17 additions and 1 deletions
--- a/stacks/platform/modules/traefik/main.tf
+++ b/stacks/platform/modules/traefik/main.tf
@ -186,7 +186,7 @@ resource "helm_release" "traefik" {
      "--serversTransport.insecureSkipVerify=true",
      # Increase timeouts for services like Immich
      "--serversTransport.forwardingTimeouts.dialTimeout=60s",
-      "--serversTransport.forwardingTimeouts.responseHeaderTimeout=0s",
+      "--serversTransport.forwardingTimeouts.responseHeaderTimeout=30s",
      "--serversTransport.forwardingTimeouts.idleConnTimeout=90s",
      # Use forwarded headers from trusted proxies
      "--entryPoints.websecure.forwardedHeaders.insecure=false",
@ -207,6 +207,22 @@ resource "helm_release" "traefik" {
    }

    tolerations = []
+
+    topologySpreadConstraints = [{
+      maxSkew           = 1
+      topologyKey       = "kubernetes.io/hostname"
+      whenUnsatisfiable = "DoNotSchedule"
+      labelSelector = {
+        matchLabels = {
+          "app.kubernetes.io/name" = "traefik"
+        }
+      }
+    }]
+
+    podDisruptionBudget = {
+      enabled      = true
+      minAvailable = 2
+    }
  })]
 }