misc: actualbudget, authentik, headscale, rybbit, terminal, dbaas updates
- actualbudget: adjust resource config - authentik: add configuration - headscale: minor fix - rybbit: add resources - terminal: add terminal stack config - platform/dbaas: add config - infra: update lock file
parent
c2f9ca0d13
commit
0de2fef9c9
8 changed files with 95 additions and 41 deletions
|
|
@ -89,10 +89,10 @@ resource "kubernetes_deployment" "actualbudget" {
|
||||||
resources {
|
resources {
|
||||||
requests = {
|
requests = {
|
||||||
cpu = "15m"
|
cpu = "15m"
|
||||||
memory = "160Mi"
|
memory = "320Mi"
|
||||||
}
|
}
|
||||||
limits = {
|
limits = {
|
||||||
memory = "256Mi"
|
memory = "400Mi"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
volume_mount {
|
volume_mount {
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,13 @@ module "tls_secret" {
|
||||||
tls_secret_name = var.tls_secret_name
|
tls_secret_name = var.tls_secret_name
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# The embedded outpost auto-creates an ingress expecting this secret name
|
||||||
|
module "tls_secret_outpost" {
|
||||||
|
source = "../../../../modules/kubernetes/setup_tls_secret"
|
||||||
|
namespace = kubernetes_namespace.authentik.metadata[0].name
|
||||||
|
tls_secret_name = "authentik-outpost-tls"
|
||||||
|
}
|
||||||
|
|
||||||
resource "kubernetes_namespace" "authentik" {
|
resource "kubernetes_namespace" "authentik" {
|
||||||
metadata {
|
metadata {
|
||||||
name = "authentik"
|
name = "authentik"
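Review bot: The hard-coded `tls_secret_name = "authentik-outpost-tls"` in the new `tls_secret_outpost` module depends on a name chosen by the embedded outpost, and the one-line comment does not say where that name is defined or what happens if it drifts. Assuming `setup_tls_secret` installs the same certificate and private key as the existing `tls_secret` module, the namespace now holds two copies of the key, so rotation has to refresh both. I would extend the comment to something like `# Second copy of the cert under the name the embedded outpost's auto-created ingress references (outpost setting kubernetes_ingress_secret_name); rotate together with var.tls_secret_name`, or point the outpost at `var.tls_secret_name` so only one secret exists. The `kubernetes_namespace` block that follows continues outside the hunk.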
|
||||||
|
|
|
||||||
|
|
@ -349,7 +349,7 @@ module "ingress-ui" {
|
||||||
name = "headscale-ui"
|
name = "headscale-ui"
|
||||||
host = "headscale"
|
host = "headscale"
|
||||||
service_name = "headscale"
|
service_name = "headscale"
|
||||||
port = 8081
|
port = 80
|
||||||
ingress_path = ["/web"]
|
ingress_path = ["/web"]
|
||||||
tls_secret_name = var.tls_secret_name
|
tls_secret_name = var.tls_secret_name
|
||||||
}
|
}
|
||||||
|
|
|
||||||
38
stacks/infra/.terraform.lock.hcl
generated
38
stacks/infra/.terraform.lock.hcl
generated
|
|
@ -1,44 +1,6 @@
|
||||||
# This file is maintained automatically by "terraform init".
|
# This file is maintained automatically by "terraform init".
|
||||||
# Manual edits may be lost in future updates.
|
# Manual edits may be lost in future updates.
|
||||||
|
|
||||||
provider "registry.terraform.io/hashicorp/helm" {
|
|
||||||
version = "3.1.1"
|
|
||||||
hashes = [
|
|
||||||
"h1:47CqNwkxctJtL/N/JuEj+8QMg8mRNI/NWeKO5/ydfZU=",
|
|
||||||
"zh:1a6d5ce931708aec29d1f3d9e360c2a0c35ba5a54d03eeaff0ce3ca597cd0275",
|
|
||||||
"zh:3411919ba2a5941801e677f0fea08bdd0ae22ba3c9ce3309f55554699e06524a",
|
|
||||||
"zh:81b36138b8f2320dc7f877b50f9e38f4bc614affe68de885d322629dd0d16a29",
|
|
||||||
"zh:95a2a0a497a6082ee06f95b38bd0f0d6924a65722892a856cfd914c0d117f104",
|
|
||||||
"zh:9d3e78c2d1bb46508b972210ad706dd8c8b106f8b206ecf096cd211c54f46990",
|
|
||||||
"zh:a79139abf687387a6efdbbb04289a0a8e7eaca2bd91cdc0ce68ea4f3286c2c34",
|
|
||||||
"zh:aaa8784be125fbd50c48d84d6e171d3fb6ef84a221dbc5165c067ce05faab4c8",
|
|
||||||
"zh:afecd301f469975c9d8f350cc482fe656e082b6ab0f677d1a816c3c615837cc1",
|
|
||||||
"zh:c54c22b18d48ff9053d899d178d9ffef7d9d19785d9bf310a07d648b7aac075b",
|
|
||||||
"zh:db2eefd55aea48e73384a555c72bac3f7d428e24147bedb64e1a039398e5b903",
|
|
||||||
"zh:ee61666a233533fd2be971091cecc01650561f1585783c381b6f6e8a390198a4",
|
|
||||||
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
provider "registry.terraform.io/hashicorp/kubernetes" {
|
|
||||||
version = "3.0.1"
|
|
||||||
hashes = [
|
|
||||||
"h1:P0c8knzZnouTNFIRij8IS7+pqd0OKaFDYX0j4GRsiqo=",
|
|
||||||
"zh:02d55b0b2238fd17ffa12d5464593864e80f402b90b31f6e1bd02249b9727281",
|
|
||||||
"zh:20b93a51bfeed82682b3c12f09bac3031f5bdb4977c47c97a042e4df4fb2f9ba",
|
|
||||||
"zh:6e14486ecfaee38c09ccf33d4fdaf791409f90795c1b66e026c226fad8bc03c7",
|
|
||||||
"zh:8d0656ff422df94575668e32c310980193fccb1c28117e5c78dd2d4050a760a6",
|
|
||||||
"zh:9795119b30ec0c1baa99a79abace56ac850b6e6fbce60e7f6067792f6eb4b5f4",
|
|
||||||
"zh:b388c87acc40f6bd9620f4e23f01f3c7b41d9b88a68d5255dec0a72f0bdec249",
|
|
||||||
"zh:b59abd0a980649c2f97f172392f080eaeb18e486b603f83bf95f5d93aeccc090",
|
|
||||||
"zh:ba6e3060fddf4a022087d8f09e38aa0001c705f21170c2ded3d1c26c12f70d97",
|
|
||||||
"zh:c12626d044b1d5501cf95ca78cbe507c13ad1dd9f12d4736df66eb8e5f336eb8",
|
|
||||||
"zh:c55203240d50f4cdeb3df1e1760630d677679f5b1a6ffd9eba23662a4ad05119",
|
|
||||||
"zh:ea206a5a32d6e0d6e32f1849ad703da9a28355d9c516282a8458b5cf1502b2a1",
|
|
||||||
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
provider "registry.terraform.io/hashicorp/null" {
|
provider "registry.terraform.io/hashicorp/null" {
|
||||||
version = "3.2.4"
|
version = "3.2.4"
|
||||||
hashes = [
|
hashes = [
|
||||||
|
|
|
||||||
|
|
@ -175,6 +175,13 @@ resource "helm_release" "mysql_cluster" {
|
||||||
innodb_log_buffer_size=16777216
|
innodb_log_buffer_size=16777216
|
||||||
# Limit connections (peak usage ~40, no need for 151)
|
# Limit connections (peak usage ~40, no need for 151)
|
||||||
max_connections=80
|
max_connections=80
|
||||||
|
# Reduce disk write amplification (defaults were SSD-tuned, we're on HDD/LVM thin)
|
||||||
|
innodb_io_capacity=200
|
||||||
|
innodb_io_capacity_max=400
|
||||||
|
innodb_flush_log_at_trx_commit=2
|
||||||
|
sync_binlog=0
|
||||||
|
innodb_buffer_pool_size=1073741824
|
||||||
|
innodb_redo_log_capacity=536870912
|
||||||
EOT
|
EOT
|
||||||
}
|
}
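Review bot: `innodb_flush_log_at_trx_commit=2` together with `sync_binlog=0` trades durability for fewer disk writes, and the added comment only mentions write amplification. With these values a host crash or power loss can lose roughly the last second of committed transactions, and the binary log is synced only when the OS flushes it, so it can end up behind InnoDB; for a release named `mysql_cluster` that affects replica consistency and point-in-time recovery. I would state the trade-off next to the settings, e.g. `# Durability trade-off: up to ~1s of committed transactions may be lost on host crash; binlog is not fsynced per commit`. `innodb_buffer_pool_size=1073741824` also has to fit under the pod's memory limit, which is not visible here. The heredoc and the `helm_release` block start outside the hunk.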
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -101,6 +101,17 @@ resource "kubernetes_config_map" "clickhouse_memory" {
|
||||||
"memory.xml" = <<-EOF
|
"memory.xml" = <<-EOF
|
||||||
<clickhouse>
|
<clickhouse>
|
||||||
<max_server_memory_usage>1258291200</max_server_memory_usage>
|
<max_server_memory_usage>1258291200</max_server_memory_usage>
|
||||||
|
<!-- Disable high-churn system logs to reduce disk writes -->
|
||||||
|
<trace_log remove="1"/>
|
||||||
|
<text_log remove="1"/>
|
||||||
|
<metric_log remove="1"/>
|
||||||
|
<asynchronous_metric_log remove="1"/>
|
||||||
|
<query_log remove="1"/>
|
||||||
|
<part_log remove="1"/>
|
||||||
|
<processors_profile_log remove="1"/>
|
||||||
|
<query_metric_log remove="1"/>
|
||||||
|
<error_log remove="1"/>
|
||||||
|
<latency_log remove="1"/>
|
||||||
</clickhouse>
|
</clickhouse>
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
@ -135,6 +146,11 @@ resource "kubernetes_deployment" "clickhouse" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
spec {
|
spec {
|
||||||
|
security_context {
|
||||||
|
run_as_user = 101
|
||||||
|
run_as_group = 101
|
||||||
|
fs_group = 101
|
||||||
|
}
|
||||||
container {
|
container {
|
||||||
name = "clickhouse"
|
name = "clickhouse"
|
||||||
image = "clickhouse/clickhouse-server:25.4.2"
|
image = "clickhouse/clickhouse-server:25.4.2"
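Review bot: Removing `query_log`, `text_log` and `error_log` in the `memory.xml` hunk leaves ClickHouse with no record of which queries ran or which errors occurred, so an investigation after a suspected compromise or data problem has nothing to work from. The comment gives disk writes as the reason; the high-churn profiling tables (`trace_log`, `metric_log`, `asynchronous_metric_log`, `processors_profile_log`, `query_metric_log`, `latency_log`) cover that, while `query_log` could be kept with a short retention instead, e.g. `<query_log><ttl>event_date + INTERVAL 7 DAY DELETE</ttl></query_log>`. If the logs stay disabled, the comment should say where query and error history is expected to come from, presumably container output shipped elsewhere.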
|
||||||
|
|
|
||||||
|
|
@ -70,3 +70,55 @@ module "ingress" {
|
||||||
"gethomepage.dev/pod-selector" = ""
|
"gethomepage.dev/pod-selector" = ""
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Read-only terminal session at terminal-ro.viktorbarzin.me
|
||||||
|
resource "kubernetes_service" "terminal_ro" {
|
||||||
|
metadata {
|
||||||
|
name = "terminal-ro"
|
||||||
|
namespace = kubernetes_namespace.terminal.metadata[0].name
|
||||||
|
labels = {
|
||||||
|
app = "terminal-ro"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
spec {
|
||||||
|
port {
|
||||||
|
name = "http"
|
||||||
|
port = 80
|
||||||
|
target_port = 7682
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "kubernetes_endpoints" "terminal_ro" {
|
||||||
|
metadata {
|
||||||
|
name = "terminal-ro"
|
||||||
|
namespace = kubernetes_namespace.terminal.metadata[0].name
|
||||||
|
}
|
||||||
|
|
||||||
|
subset {
|
||||||
|
address {
|
||||||
|
ip = "10.0.10.10"
|
||||||
|
}
|
||||||
|
port {
|
||||||
|
name = "http"
|
||||||
|
port = 7682
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
module "ingress_ro" {
|
||||||
|
source = "../../modules/kubernetes/ingress_factory"
|
||||||
|
namespace = kubernetes_namespace.terminal.metadata[0].name
|
||||||
|
name = "terminal-ro"
|
||||||
|
tls_secret_name = var.tls_secret_name
|
||||||
|
protected = true
|
||||||
|
extra_annotations = {
|
||||||
|
"gethomepage.dev/enabled" = "true"
|
||||||
|
"gethomepage.dev/name" = "Terminal (Read-Only)"
|
||||||
|
"gethomepage.dev/description" = "Read-only web terminal (ttyd)"
|
||||||
|
"gethomepage.dev/icon" = "mdi-console"
|
||||||
|
"gethomepage.dev/group" = "Infrastructure"
|
||||||
|
"gethomepage.dev/pod-selector" = ""
|
||||||
|
}
|
||||||
|
}
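Review bot: Nothing in the new `terminal_ro` resources enforces either the "read-only" property or the authentication. The Service/Endpoints pair forwards to `10.0.10.10:7682` over plain HTTP, so read-only depends entirely on how ttyd is started on that host, and `protected = true` presumably covers only requests that arrive through the ingress. Anything that can route to that address reaches the port without the ingress in front, and even a read-only terminal shows whatever is on screen, secrets included. I would record the assumptions above the resource, e.g. `# ttyd on 10.0.10.10:7682 must run in read-only mode and accept connections only from the ingress controller (host firewall)`, and move the IP into a variable so it is tracked in one place.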
|
||||||
|
|
|
||||||
10
stacks/terminal/tiers.tf
Normal file
10
stacks/terminal/tiers.tf
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
|
||||||
|
locals {
|
||||||
|
tiers = {
|
||||||
|
core = "0-core"
|
||||||
|
cluster = "1-cluster"
|
||||||
|
gpu = "2-gpu"
|
||||||
|
edge = "3-edge"
|
||||||
|
aux = "4-aux"
|
||||||
|
}
|
||||||
|
}
|
||||||