diff --git a/.planning/quick/1-fix-broken-demo-streams-and-improve-heal/1-PLAN.md b/.planning/quick/1-fix-broken-demo-streams-and-improve-heal/1-PLAN.md new file mode 100644 index 00000000..fe1b0995 --- /dev/null +++ b/.planning/quick/1-fix-broken-demo-streams-and-improve-heal/1-PLAN.md @@ -0,0 +1,47 @@ +# Quick Task 1: Fix Broken Demo Streams and Improve Health Checking + +## Objective + +Replace the broken Akamai live test stream (whose variant playlists return 404 despite master playlist returning 200) with a working test stream, and improve the health checker to validate variant playlists so broken streams are caught before being displayed to users. Rebuild and deploy the updated image. + +## Context + +- The F1 streaming site at f1.viktorbarzin.me has 3 demo streams +- Akamai live test stream (`cph-p2p-msl.akamaized.net/hls/live/2000341/test/master.m3u8`) has a working master playlist but all variant playlists return 404 +- Current health check only validates the master playlist URL (checks for `#EXTM3U`), missing the broken variants +- When hls.js tries to load the variant through the proxy, it gets 502 errors +- The other 2 streams (Big Buck Bunny, Apple Bipbop) work correctly end-to-end +- Confirmed working replacement: Tears of Steel (`demo.unified-streaming.com/k8s/features/stable/video/tears-of-steel/tears-of-steel.ism/.m3u8`) - all variants return 200 + +## Tasks + +### Task 1: Replace broken Akamai stream URL in demo extractor + +**files:** `stacks/f1-stream/files/backend/extractors/demo.py` +**action:** Replace the Akamai live test stream URL with Tears of Steel. Update the title, quality, and any other metadata. +**verify:** Run the demo extractor's URL through curl to confirm master and variant playlists both return 200. +**done:** Demo extractor returns 3 working stream URLs, none of which have broken variants. + +Replace: +- URL: `https://cph-p2p-msl.akamaized.net/hls/live/2000341/test/master.m3u8` +- Title: "Akamai Live Test Stream" +- Quality: "" (empty) + +With: +- URL: `https://demo.unified-streaming.com/k8s/features/stable/video/tears-of-steel/tears-of-steel.ism/.m3u8` +- Title: "Tears of Steel (Test Stream)" +- Quality: "1080p" + +### Task 2: Improve health checker to validate variant playlists + +**files:** `stacks/f1-stream/files/backend/health.py` +**action:** After the existing health check passes (master playlist has `#EXTM3U`), if the playlist is a master playlist (contains `#EXT-X-STREAM-INF:`), extract the first variant URI and do a HEAD/GET check on it. Mark the stream as unhealthy if the variant returns non-200. +**verify:** A stream with a broken variant (like the old Akamai one) would be marked `is_live=False`. +**done:** Health checker validates at least one variant playlist when the stream is a master playlist. + +### Task 3: Rebuild Docker image and deploy + +**files:** `stacks/f1-stream/main.tf` +**action:** Build new Docker image with tag v5.1.0, push to registry, update Terraform deployment image tag, apply the stack. +**verify:** `curl https://f1.viktorbarzin.me/streams` returns 3 streams all with `is_live: true`. Visit f1.viktorbarzin.me/watch in browser and confirm all 3 streams play. +**done:** All 3 demo streams are playable in the browser at f1.viktorbarzin.me/watch. diff --git a/.planning/quick/resource-audit-live-metrics.md b/.planning/quick/resource-audit-live-metrics.md new file mode 100644 index 00000000..7a0eff9d --- /dev/null +++ b/.planning/quick/resource-audit-live-metrics.md @@ -0,0 +1,614 @@ +# Kubernetes Cluster Resource Audit - Live Metrics + +**Collected**: 2026-03-01 +**Cluster**: 5 nodes (k8s-master + k8s-node1-4), Kubernetes v1.34.2 + +--- + +## EXECUTIVE SUMMARY + +### Critical Issues + +#### OOMKilled Pods +| Namespace | Pod | Status | +|-----------|-----|--------| +| dbaas | mysql-cluster-0 | OOMKilled (last state) | + +#### CrashLoopBackOff / ImagePullBackOff Pods +| Namespace | Pod | Status | +|-----------|-----|--------| +| vpa | vpa-admission-certgen-kdvqj | ImagePullBackOff | + +#### Pods with NO Resource Limits (unbounded) +These pods have `` for CPU and/or memory limits -- they can consume unlimited node resources: + +| Namespace | Pod | Container | CPU Limit | Mem Limit | +|-----------|-----|-----------|-----------|-----------| +| calico-apiserver | calico-apiserver-*-bq6zp | calico-apiserver | | | +| calico-apiserver | calico-apiserver-*-q794h | calico-apiserver | | | +| calico-system | calico-kube-controllers-* | calico-kube-controllers | | | +| calico-system | calico-node-* (5 pods) | calico-node | | | +| calico-system | calico-typha-*-9wr7z | calico-typha | | | +| calico-system | calico-typha-*-hw8wt | calico-typha | | | +| calico-system | calico-typha-*-z69vx | calico-typha | | | +| calico-system | csi-node-driver-* (5 pods) | calico-csi, csi-node-driver-registrar | | | +| kube-system | etcd-k8s-master | etcd | | | +| kube-system | kube-apiserver-k8s-master | kube-apiserver | | | +| kube-system | kube-controller-manager-k8s-master | kube-controller-manager | | | +| kube-system | kube-proxy-* (5 pods) | kube-proxy | | | +| kube-system | kube-scheduler-k8s-master | kube-scheduler | | | +| kyverno | kyverno-admission-controller-* (2 pods) | kyverno | (CPU) | 768Mi | +| kyverno | kyverno-background-controller-* | controller | (CPU) | 128Mi | +| kyverno | kyverno-cleanup-controller-* | controller | (CPU) | 128Mi | +| kyverno | kyverno-reports-controller-* | controller | (CPU) | 128Mi | +| metallb-system | controller-* | controller | | | +| metallb-system | speaker-dn9bk | speaker | | | +| metallb-system | speaker-mnpsl | speaker | | | +| metallb-system | speaker-pl8dz | speaker | | | +| nvidia | nvidia-driver-daemonset-x2r6b | nvidia-driver-ctr | | | + +**Note**: kube-system and calico-system pods without limits are standard for control-plane components. The NVIDIA driver daemonset is also expected. MetalLB pods without limits should be monitored. + +#### Pods Near or Exceeding Memory Limits (>75% utilization) + +| Namespace | Pod | Current Usage | Memory Limit | % Used | +|-----------|-----|--------------|--------------|--------| +| dbaas | mysql-cluster-0 | 1845Mi | 2Gi (sidecar:512Mi + mysql:2Gi) | ~90% of mysql container | +| dbaas | mysql-cluster-2 | 1212Mi | 2Gi (sidecar:512Mi + mysql:2Gi) | ~59% combined | +| dbaas | mysql-cluster-1 | 1083Mi | 2Gi (sidecar:512Mi + mysql:2Gi) | ~53% combined | +| dashy | dashy-* | 1048Mi | 4Gi | 26% but NOTE: 490m CPU near 500m limit (98%) | +| onlyoffice | onlyoffice-document-server-* | 1007Mi | 4Gi | 25% | +| stirling-pdf | stirling-pdf-* | 902Mi | 4Gi | 23% | +| trading-bot | trading-bot-workers-* | 1901Mi | 2Gi (sentiment-analyzer) | ~95% of largest container | +| authentik | goauthentik-server-*-x68p7 | 593Mi | 1Gi | 58% | +| authentik | goauthentik-server-*-4bjll | 583Mi | 1Gi | 57% | +| authentik | goauthentik-server-*-z68g8 | 548Mi | 1Gi | 54% | +| authentik | goauthentik-worker-*-klk6z | 551Mi | 1Gi | 54% | +| servarr | flaresolverr-* | 148Mi | 256Mi | 58% | +| speedtest | speedtest-* | 147Mi | ~1.2Gi | 12% | +| cnpg-system | cnpg-cloudnative-pg-* | 72Mi | 256Mi | 28% | +| mailserver | mailserver-* | 183Mi | 256Mi+256Mi | 36% per container | +| vpa | vpa-recommender-* | 74Mi | 512Mi | 14% (but 500Mi req = nearly full request!) | + +#### Pods with CPU Near Limit (potential throttling) + +| Namespace | Pod | Current CPU | CPU Limit | % Used | +|-----------|-----|------------|-----------|--------| +| dashy | dashy-* | 490m | 500m | **98%** -- actively throttling | +| stirling-pdf | stirling-pdf-* | 299m | 300m | **99.7%** -- actively throttling | +| frigate | frigate-* | 860m | 8000m | 11% | +| crowdsec | crowdsec-agent-rkvf2 | 13m | 500m | 3% (but req=limit=500m) | +| redis | redis-node-0 | 44m | 500m (redis) + 200m (sentinel) | 6% | +| redis | redis-node-1 | 43m | 1260m (redis) + 140m (sentinel) | 3% | + +--- + +## NODE-LEVEL RESOURCE USAGE + +| Node | CPU (cores) | CPU % | Memory | Memory % | +|------|-------------|-------|--------|----------| +| k8s-master | 805m | 10% | 5132Mi | 65% | +| k8s-node1 | 1002m | 6% | 9192Mi | 57% | +| k8s-node2 | 894m | 11% | 11517Mi | 48% | +| k8s-node3 | 781m | 9% | 13103Mi | 54% | +| k8s-node4 | 1333m | 16% | 13122Mi | 54% | +| **TOTAL** | **4815m** | **~10%** | **52066Mi** | **~55%** | + +**Observations**: +- Memory is the tighter resource (~55% cluster-wide), CPU is abundant (~10%) +- k8s-master at 65% memory -- highest, but still has headroom +- k8s-node3 and k8s-node4 carry the most memory workloads (~13Gi each) + +--- + +## POD RESOURCE USAGE BY NAMESPACE (sorted by total memory) + +### Top 20 Memory Consumers + +| Rank | Namespace/Pod | CPU | Memory | Mem Limit | +|------|--------------|-----|--------|-----------| +| 1 | frigate/frigate | 860m | 3835Mi | 16Gi | +| 2 | kube-system/kube-apiserver | 376m | 2531Mi | | +| 3 | monitoring/prometheus-server | 36m | 1912Mi | 4Gi | +| 4 | trading-bot/trading-bot-workers | 7m | 1901Mi | 2Gi (largest) | +| 5 | dbaas/mysql-cluster-0 | 62m | 1845Mi | 2Gi (mysql) | +| 6 | monitoring/loki-0 | 95m | 1335Mi | ~2.9Gi | +| 7 | immich/immich-machine-learning | 8m | 1215Mi | 16Gi | +| 8 | dbaas/mysql-cluster-2 | 32m | 1212Mi | 2Gi (mysql) | +| 9 | nvidia/nvidia-driver-daemonset | 0m | 1168Mi | | +| 10 | dbaas/mysql-cluster-1 | 40m | 1083Mi | 2Gi (mysql) | +| 11 | dashy/dashy | 490m | 1048Mi | 4Gi | +| 12 | onlyoffice/onlyoffice-document-server | 3m | 1007Mi | 4Gi | +| 13 | stirling-pdf/stirling-pdf | 299m | 902Mi | 4Gi | +| 14 | tandoor/tandoor | 1m | 754Mi | ~3.1Gi | +| 15 | paperless-ngx/paperless-ngx | 4m | 691Mi | ~3.7Gi | +| 16 | linkwarden/linkwarden | 8m | 682Mi | ~3.3Gi | +| 17 | ollama/ollama-ui | 2m | 658Mi | ~5.8Gi | +| 18 | whisper/whisper | 1m | 628Mi | ~5.8Gi | +| 19 | realestate-crawler/celery | 2m | 608Mi | 2Gi | +| 20 | authentik/goauthentik-server (x3) | ~17m each | ~575Mi each | 1Gi | + +### Top 10 CPU Consumers + +| Rank | Namespace/Pod | CPU | CPU Limit | +|------|--------------|-----|-----------| +| 1 | frigate/frigate | 860m | 8000m | +| 2 | dashy/dashy | 490m | 500m | +| 3 | kube-system/kube-apiserver | 376m | | +| 4 | stirling-pdf/stirling-pdf | 299m | 300m | +| 5 | kube-system/etcd | 216m | | +| 6 | monitoring/loki-0 | 95m | 504m | +| 7 | authentik/goauthentik-worker-c5zfs | 81m | 2000m | +| 8 | authentik/goauthentik-worker-b5wzk | 62m | 2000m | +| 9 | dbaas/mysql-cluster-0 | 62m | 2000m | +| 10 | calico-system/calico-node-wllsb | 49m | | + +--- + +## DETAILED NAMESPACE BREAKDOWN + +### actualbudget +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| actualbudget-anca | 1m | 42Mi | 25m/250m | 64Mi/256Mi | +| actualbudget-emo | 1m | 40Mi | 25m/250m | 64Mi/256Mi | +| actualbudget-http-api-anca | 1m | 26Mi | 25m/250m | 64Mi/256Mi | +| actualbudget-http-api-emo | 0m | 26Mi | 25m/250m | 64Mi/256Mi | +| actualbudget-http-api-viktor | 1m | 29Mi | 25m/250m | 64Mi/256Mi | +| actualbudget-viktor | 1m | 56Mi | 25m/250m | 64Mi/256Mi | +**Quota**: 150m/4000m CPU used, 384Mi/4Gi mem used, 6/30 pods + +### affine +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| affine | 4m | 174Mi | 35m/700m | ~237Mi/~1.9Gi | +**Quota**: 35m/2000m CPU, ~237Mi/2Gi mem, 1/20 pods + +### aiostreams +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| aiostreams | 1m | 215Mi | 50m/500m | 256Mi/768Mi | + +### atuin +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| atuin | 1m | 2Mi | 50m/500m | 64Mi/256Mi | + +### audiobookshelf +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| audiobookshelf | 1m | 55Mi | 15m/150m | ~100Mi/400Mi | + +### authentik +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| ak-outpost-embedded | 6m | 18Mi | 50m/500m | 64Mi/512Mi | +| goauthentik-server (x3) | 14-21m | 548-593Mi | 100m/2000m | 512Mi/1Gi | +| goauthentik-worker (x3) | 40-81m | 420-551Mi | 50-100m/1-2000m | 384Mi-600Mi/1-1.6Gi | +| pgbouncer (x3) | 1-2m | 2Mi | 15-50m/150-500m | ~100Mi/512-800Mi | +**Quota**: 680m/16000m CPU, ~3.3Gi/16Gi mem, 10/50 pods + +### calibre +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| annas-archive-stacks | 1m | 60Mi | 25m/250m | 64Mi/256Mi | +| calibre-web-automated | 1m | 196Mi | 23m/460m | ~640Mi/~2.6Gi | + +### changedetection +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| changedetection (2 containers) | 6m | 111Mi | 25m+25m/250m+250m | 64Mi+64Mi/256Mi+256Mi | + +### cloudflared +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| cloudflared (x3) | 3-9m | 31-59Mi | 50m/500m | 64Mi/512Mi | + +### crowdsec +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| crowdsec-agent (x3) | 3-13m | 43-48Mi | 500m/500m | 250Mi/250Mi | +| crowdsec-lapi (x3) | 1m | 30-34Mi | 23m/23m | ~121Mi/~121Mi | +| crowdsec-web | 2m | 46Mi | 50m/500m | 64Mi/512Mi | +**Note**: crowdsec-agent has CPU req=limit=500m (Guaranteed QoS). Same for memory at 250Mi. + +### dashy +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| dashy | **490m** | 1048Mi | 15m/**500m** | 512Mi/4Gi | +**WARNING**: CPU at 98% of limit -- actively being throttled! + +### dawarich +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| dawarich | 1m | 438Mi | 15m/150m | ~600Mi/~2.4Gi | + +### dbaas +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| mysql-cluster-0 | 62m | 1845Mi | 50m+250m/500m+2000m | 64Mi+1Gi/512Mi+2Gi | +| mysql-cluster-1 | 40m | 1083Mi | 50m+250m/500m+2000m | 64Mi+1Gi/512Mi+2Gi | +| mysql-cluster-2 | 32m | 1212Mi | 50m+250m/500m+2000m | 64Mi+1Gi/512Mi+2Gi | +| pg-cluster-1 | 22m | 335Mi | 250m/2000m | 512Mi/4Gi | +| pg-cluster-2 | 11m | 155Mi | 250m/2000m | 512Mi/4Gi | +| pgadmin | 1m | 265Mi | 50m/500m | 64Mi/512Mi | +| phpmyadmin | 1m | 46Mi | 50m/500m | 64Mi/512Mi | +**WARNING**: mysql-cluster-0 was OOMKilled previously. Currently at 1845Mi with 2Gi limit on mysql container (~90%). +**Quota**: 1500m/8000m CPU, 4416Mi/12Gi mem, 7/30 pods + +### echo +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| echo (x5) | 0-1m | 19-30Mi | 15-25m/150-250m | 64Mi-100Mi/256-400Mi | + +### forgejo +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| forgejo | 1m | 170Mi | 15m/500m | ~215Mi/~1.7Gi | + +### freedify +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| music-emo | 2m | 68Mi | 100m/500m | 256Mi/512Mi | +| music-viktor | 2m | 57Mi | 100m/500m | 256Mi/512Mi | + +### frigate +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| frigate | 860m | 3835Mi | 800m/8000m | 2Gi/16Gi | +**Note**: Highest memory consumer in the cluster. GPU tier (2-gpu). + +### headscale +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| headscale (2 containers) | 1m | 65Mi | 50m+25m/200m+100m | 64Mi+32Mi/256Mi+128Mi | + +### homepage +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| homepage | 1m | 86Mi | 15m/150m | ~121Mi/~484Mi | + +### immich +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| immich-frame | 1m | 30Mi | 15m/150m | ~105Mi/~838Mi | +| immich-machine-learning | 8m | 1215Mi | 15m/150m | 2Gi/16Gi | +| immich-postgresql | 1m | 268Mi | 15m/150m | ~990Mi/~7.9Gi | +| immich-server | 3m | 404Mi | 800m/8000m | ~990Mi/~7.9Gi | +**Quota**: 845m/8000m CPU, ~4.1Gi/8Gi mem, 4/40 pods. Note: mem at ~51% of quota. + +### kms +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| kms | 0m | 0Mi | 15m/15m | ~100Mi/1Gi | +| kms-web-page | 0m | 10Mi | 500m/500m | 512Mi/512Mi | +**Note**: kms-web-page has req=limit (Guaranteed QoS) at 500m CPU and 512Mi, but uses 0m/10Mi. + +### linkwarden +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| linkwarden | 8m | 682Mi | 15m/150m | ~826Mi/~3.3Gi | + +### mailserver +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| mailserver (2 containers) | 9m | 183Mi | 25m+25m/250m+250m | 64Mi+64Mi/256Mi+256Mi | +| roundcubemail | 1m | 44Mi | 25m/250m | 64Mi/256Mi | + +### meshcentral +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| meshcentral | 1m | 127Mi | 15m/300m | ~283Mi/~850Mi | + +### monitoring +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| alloy (x3, DaemonSet) | 44-47m | 182-201Mi | 63m+11m/252m+550m | ~422Mi+50Mi/~845Mi+512Mi | +| caretta (x4, DaemonSet) | 2-4m | 250-267Mi | 15m/225m | ~422Mi/~2.5Gi | +| goflow2 | 11m | 28Mi | 15m/60m | ~100Mi/400Mi | +| grafana (x3) | 18m | 232-235Mi | 11m+11m+35m/110m+110m+350m | multi-container | +| idrac-redfish-exporter | 3m | 9Mi | 15m/150m | ~100Mi/800Mi | +| loki-0 (2 containers) | 95m | 1335Mi | 126m+11m/504m+110m | ~1.9Gi+~121Mi/~2.9Gi+~968Mi | +| node-exporter (x5) | 1m | 9-24Mi | 15m/150m | ~100Mi/800Mi | +| prometheus-alertmanager | 2m | 24Mi | 15m/150m | ~100Mi/800Mi | +| prometheus-kube-state-metrics | 3m | 33Mi | 15m/150m | ~100Mi/800Mi | +| prometheus-pushgateway | 1m | 18Mi | 15m/150m | ~100Mi/800Mi | +| prometheus-server (2 containers) | 36m | 1912Mi | 11m+93m/110m+930m | 50Mi+512Mi/400Mi+4Gi | +| proxmox-exporter | 1m | 41Mi | 23m/230m | ~100Mi/800Mi | +| snmp-exporter | 2m | 14Mi | 15m/150m | ~100Mi/800Mi | +| sysctl-inotify (x5) | 0m | 0Mi | 15m/15m | ~100Mi/~100Mi | +**Quota**: 1177m/16000m CPU, ~9Gi/16Gi mem, 32/100 pods + +### mysql-operator +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| mysql-operator | 4m | 254Mi | 23m/230m | ~309Mi/~1.2Gi | + +### n8n +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| n8n | 2m | 425Mi | 15m/150m | ~524Mi/~2.1Gi | + +### netbox +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| netbox | 1m | 480Mi | 50m/2000m | 512Mi/4Gi | + +### nextcloud +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| nextcloud (2 containers) | 9m | 234Mi | 100m+11m/16000m+110m | ~1.3Gi+~121Mi/~8Gi+~484Mi | +| whiteboard | 1m | 62Mi | 25m/250m | 64Mi/256Mi | +**Quota**: 136m/4000m CPU, ~1.5Gi/8Gi mem, 2/10 pods + +### nvidia +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| gpu-feature-discovery | 1m | 76Mi | 100m+100m/1+1 | 256Mi+256Mi/2Gi+2Gi | +| gpu-operator | 14m | 63Mi | 200m/500m | 100Mi/350Mi | +| gpu-pod-exporter | 2m | 50Mi | 50m/200m | 128Mi/256Mi | +| nvidia-container-toolkit | 1m | 27Mi | 100m/1000m | 256Mi/2Gi | +| nvidia-dcgm-exporter | 17m | 538Mi | 100m/1000m | 256Mi/2Gi | +| nvidia-device-plugin | 1m | 47Mi | 100m+100m/1+1 | 256Mi+256Mi/2Gi+2Gi | +| nvidia-driver-daemonset | 0m | 1168Mi | | | +| nvidia-exporter | 1m | 138Mi | 15m/150m | ~121Mi/~968Mi | +| nfd-gc | 1m | 9Mi | 15m/1500m | ~100Mi/800Mi | +| nfd-master | 1m | 27Mi | 100m/4000m | 128Mi/4Gi | +| nfd-worker (x5) | 1m | 14-18Mi | 15m/3000m | ~100Mi/800Mi | +| nvidia-operator-validator | 0m | 1Mi | 100m/1000m | 256Mi/2Gi | + +### ollama +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| ollama | 1m | 11Mi | 500m/4000m | 4Gi/12Gi | +| ollama-ui | 2m | 658Mi | 15m/150m | ~729Mi/~5.8Gi | +**Note**: ollama pod at only 11Mi but reserves 4Gi -- GPU workload likely using VRAM instead. + +### onlyoffice +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| onlyoffice-document-server | 3m | 1007Mi | 250m/8000m | 512Mi/4Gi | +**Quota**: 250m/4000m CPU, 512Mi/4Gi mem, 1/10 pods + +### openclaw +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| openclaw (2 containers) | 2m | 447Mi | 100m+25m/2000m+500m | 512Mi+64Mi/2Gi+256Mi | + +### osm-routing +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| osrm-bicycle | 0m | 366Mi | 15m/250m | ~454Mi/~909Mi | +| osrm-foot | 0m | 359Mi | 15m/150m | ~454Mi/~1.8Gi | + +### paperless-ngx +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| paperless-ngx | 4m | 691Mi | 49m/980m | ~933Mi/~3.7Gi | + +### realestate-crawler +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| realestate-crawler-api (x2) | 2m | 133-134Mi | 15m/600m | ~194Mi/~1.6Gi | +| realestate-crawler-celery | 2m | 608Mi | 100m/2000m | 512Mi/2Gi | +| realestate-crawler-celery-beat | 0m | 107Mi | 15m/300m | ~175Mi/~699Mi | +| realestate-crawler-ui (x2) | 0m | 7-8Mi | 15-25m/150-250m | 64-100Mi/256-400Mi | + +### redis +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| redis-node-0 (redis+sentinel) | 44m | 47Mi | 50m+50m/500m+200m | 64Mi+64Mi/256Mi+128Mi | +| redis-node-1 (redis+sentinel) | 43m | 25Mi | 126m+35m/1260m+140m | ~50Mi+~50Mi/200Mi+100Mi | + +### resume +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| printer | 3m | 109Mi | 15m/300m | 1Gi/4Gi | +| resume | 1m | 116Mi | 15m/300m | ~215Mi/~645Mi | + +### rybbit +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| rybbit | 2m | 185Mi | 15m/150m | ~215Mi/~860Mi | +| rybbit-client | 1m | 89Mi | 25m/250m | 64Mi/256Mi | +**Note**: rybbit-client at 89Mi with 256Mi limit (35%). + +### servarr +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| flaresolverr | 1m | 148Mi | 25m/250m | 64Mi/256Mi | +| listenarr | 2m | 383Mi | 15m/600m | ~640Mi/~2.6Gi | +| prowlarr | 1m | 149Mi | 15m/150m | ~260Mi/~1Gi | +| qbittorrent | 1m | 29Mi | 25m/250m | 64Mi/256Mi | +**WARNING**: flaresolverr at 148Mi / 256Mi = 58% of mem limit. + +### speedtest +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| speedtest | 1m | 147Mi | 200m/2000m | ~309Mi/~1.2Gi | + +### stirling-pdf +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| stirling-pdf | **299m** | 902Mi | 15m/**300m** | 1Gi/4Gi | +**WARNING**: CPU at 99.7% of limit -- actively being throttled! + +### tandoor +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| tandoor | 1m | 754Mi | 15m/150m | ~776Mi/~3.1Gi | + +### technitium +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| technitium | 1m | 184Mi | 100m/500m | 128Mi/512Mi | +| technitium-secondary | 9m | 123Mi | 100m/500m | 128Mi/512Mi | + +### trading-bot +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| trading-bot-frontend (2 containers) | 2m | 174Mi | 10m+50m/200m+1000m | 32Mi+128Mi/128Mi+512Mi | +| trading-bot-workers (6 containers) | 7m | 1901Mi | 10m+100m+10m+10m+10m+10m/500m+2000m+500m+500m+500m+500m | 64Mi*5+512Mi/256Mi*5+2Gi | +**WARNING**: trading-bot-workers at 1901Mi. The sentiment-analyzer container has 2Gi limit, possibly near OOM. + +### traefik +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| auth-proxy (x2) | 1m | 7Mi | 5m/50m | 16Mi/32Mi | +| bot-block-proxy (x2) | 1m | 7Mi | 5m/50m | 16Mi/32Mi | +| traefik (x3) | 4-14m | 81-120Mi | 100m/500m | 128Mi/512Mi | + +### uptime-kuma +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| uptime-kuma | 23m | 163Mi | 49m/196m | ~237Mi/~947Mi | + +### vpa +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| goldilocks-controller | 7m | 30Mi | 49m/980m | ~105Mi/~209Mi | +| goldilocks-dashboard | 1m | 8Mi | 15m/300m | ~105Mi/~209Mi | +| vpa-admission-certgen | N/A | N/A | 50m/500m | 64Mi/512Mi | +| vpa-admission-controller | 3m | 48Mi | 50m/500m | 200Mi/512Mi | +| vpa-recommender | 13m | 74Mi | 50m/500m | 500Mi/512Mi | +| vpa-updater | 2m | 68Mi | 50m/500m | 500Mi/512Mi | +**WARNING**: vpa-admission-certgen in ImagePullBackOff. + +### whisper +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| piper | 0m | 32Mi | 100m/1000m | 256Mi/2Gi | +| whisper | 1m | 628Mi | 15m/150m | ~729Mi/~5.8Gi | + +### wireguard +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| wireguard (2 containers) | 1m | 2Mi | 50m+50m/500m+500m | 64Mi+64Mi/512Mi+512Mi | + +### woodpecker +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| woodpecker-agent-0 | 1m | 17Mi | 15m/150m | ~100Mi/400Mi | +| woodpecker-agent-1 | 1m | 28Mi | 25m/250m | 64Mi/256Mi | +| woodpecker-server-0 | 4m | 32Mi | 25m/250m | 64Mi/256Mi | + +### website +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| blog (x3, 2 containers each) | 0-1m | 17-19Mi | 11m+11m/22m+110m | ~50Mi+~50Mi/512Mi+200Mi | + +### Other Small Namespaces +| Namespace | Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----------|-----|----------|----------|-------------|-------------| +| city-guesser | city-guesser | 1m | 23Mi | 250m/500m | 50Mi/512Mi | +| coturn | coturn | 1m | 7Mi | 15m/150m | ~100Mi/400Mi | +| cyberchef | cyberchef | 0m | 8Mi | 15m/150m | ~100Mi/400Mi | +| diun | diun | 1m | 24Mi | 15m/150m | ~100Mi/400Mi | +| excalidraw | excalidraw | 0m | 2Mi | 15m/150m | ~100Mi/400Mi | +| f1-stream | f1-stream | 7m | 53Mi | 50m/500m | 64Mi/256Mi | +| freshrss | freshrss | 1m | 56Mi | 25m/250m | 64Mi/256Mi | +| hackmd | hackmd | 2m | 82Mi | 15m/150m | ~138Mi/~552Mi | +| health | health | 2m | 101Mi | 100m/1000m | 256Mi/1Gi | +| isponsorblocktv | isponsorblocktv-vermont | 1m | 42Mi | 15m/150m | ~100Mi/400Mi | +| jsoncrack | jsoncrack | 0m | 7Mi | 15m/150m | ~100Mi/400Mi | +| k8s-portal | k8s-portal | 0m | 14Mi | 25m/250m | 64Mi/256Mi | +| navidrome | navidrome | 1m | 62Mi | 15m/150m | ~156Mi/~623Mi | +| ntfy | ntfy | 1m | 20Mi | 25m/250m | 64Mi/256Mi | +| owntracks | owntracks | 1m | 1Mi | 15m/150m | ~100Mi/400Mi | +| plotting-book | plotting-book | 0m | 22Mi | 50m/500m | 128Mi/512Mi | +| privatebin | privatebin | 1m | 46Mi | 15m/150m | ~100Mi/400Mi | +| send | send | 0m | 53Mi | 15m/150m | ~100Mi/400Mi | +| shadowsocks | shadowsocks | 1m | 0Mi | 15m/150m | ~100Mi/400Mi | +| tor-proxy | tor-proxy | 1m | 61Mi | 15m/150m | ~105Mi/~419Mi | +| vaultwarden | vaultwarden | 1m | 49Mi | 50m/200m | 64Mi/256Mi | +| wealthfolio | wealthfolio | 0m | 8Mi | 15m/150m | ~100Mi/400Mi | +| webhook-handler | webhook-handler | 1m | 8Mi | 15m/30m | ~100Mi/1Gi | +| xray | xray | 0m | 11Mi | 50m/500m | 64Mi/512Mi | + +--- + +## LIMITRANGE DEFAULTS BY NAMESPACE + +| Namespace | Default CPU | Default Mem | Max CPU | Max Mem | Tier | +|-----------|-------------|-------------|---------|---------|------| +| **GPU tier (2-gpu)** | | | | | | +| ebook2audiobook | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| frigate | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| immich | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| nvidia | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| ollama | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| whisper | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| **Core tier (0-core)** | | | | | | +| cloudflared | 500m | 512Mi | 4 | 8Gi | 0-core | +| headscale | 500m | 512Mi | 4 | 8Gi | 0-core | +| technitium | 500m | 512Mi | 4 | 8Gi | 0-core | +| traefik | 500m | 512Mi | 4 | 8Gi | 0-core | +| wireguard | 500m | 512Mi | 4 | 8Gi | 0-core | +| xray | 500m | 512Mi | 4 | 8Gi | 0-core | +| **Cluster tier (1-cluster)** | | | | | | +| authentik | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| cnpg-system | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| crowdsec | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| dbaas | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| metrics-server | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| monitoring | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| poison-fountain | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| redis | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| tuya-bridge | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| uptime-kuma | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| vpa | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| **Edge tier (3-edge)** | | | | | | +| Most app namespaces | 250m | 256Mi | 2 | 4Gi | 3-edge | +| **Aux tier (4-aux)** | | | | | | +| Some app namespaces | 250m | 256Mi | 2 | 4Gi | 4-aux | +| **Custom LimitRanges** | | | | | | +| nextcloud | 250m | 256Mi | 16 | 8Gi | Custom | +| onlyoffice | 250m | 256Mi | 8 | 8Gi | Custom | +| **No tier** | | | | | | +| aiostreams | 250m | 256Mi | 1 | 2Gi | None | +| default | 250m | 256Mi | 1 | 2Gi | None | +| descheduler | 250m | 256Mi | 1 | 2Gi | None | +| gadget | 250m | 256Mi | 1 | 2Gi | None | +| kured | 250m | 256Mi | 1 | 2Gi | None | +| local-path-storage | 250m | 256Mi | 1 | 2Gi | None | +| mysql-operator | 250m | 256Mi | 1 | 2Gi | None | +| reverse-proxy | 250m | 256Mi | 1 | 2Gi | None | +| tigera-operator | 250m | 256Mi | 1 | 2Gi | None | + +--- + +## RESOURCEQUOTA UTILIZATION (top consumers) + +| Namespace | CPU Req Used/Hard | Mem Req Used/Hard | Pods Used/Hard | % Mem Req | +|-----------|-------------------|-------------------|----------------|-----------| +| monitoring | 1177m/16000m | ~9Gi/16Gi | 32/100 | ~56% | +| authentik | 680m/16000m | ~3.3Gi/16Gi | 10/50 | ~21% | +| crowdsec | 1619m/8000m | ~1.1Gi/8Gi | 7/30 | ~14% | +| dbaas | 1500m/8000m | 4416Mi/12Gi | 7/30 | ~36% | +| immich | 845m/8000m | ~4.1Gi/8Gi | 4/40 | ~51% | +| ollama | 515m/8000m | ~4.7Gi/8Gi | 2/40 | ~59% | +| nextcloud | 136m/4000m | ~1.5Gi/8Gi | 2/10 | ~19% | +| rybbit | 140m/2000m | ~791Mi/2Gi | 3/20 | ~39% | + +--- + +## ACTION ITEMS + +### Immediate (potential service impact) +1. **dashy** -- CPU throttled at 98% (490m/500m). Increase CPU limit or investigate high CPU usage. +2. **stirling-pdf** -- CPU throttled at 99.7% (299m/300m). Increase CPU limit. +3. **dbaas/mysql-cluster-0** -- Previously OOMKilled. Currently at ~1845Mi with 2Gi limit on mysql container (~90%). Monitor closely or increase limit. +4. **vpa/vpa-admission-certgen** -- ImagePullBackOff. Fix image reference. +5. **trading-bot-workers** -- 1901Mi across 6 containers, sentiment-analyzer at 2Gi limit. Verify not OOMing. + +### Medium Priority (resource waste or risk) +6. **kms/kms-web-page** -- Guaranteed QoS at 500m CPU / 512Mi, but only uses 0m/10Mi. Massive overprovisioning. +7. **ollama/ollama** -- Requests 4Gi memory but uses 11Mi (GPU model in VRAM). If not using CPU memory, reduce request. +8. **resume/printer** -- Requests 1Gi memory but uses 109Mi. Consider reducing. +9. **nvidia-driver-daemonset** -- No limits set, using 1168Mi. Standard for driver but worth noting. +10. **servarr/flaresolverr** -- At 58% memory (148Mi/256Mi). Trending toward limit. + +### Low Priority (optimization opportunities) +11. Multiple pods in the monitoring namespace have generous limits but low actual usage (node-exporters at 9-24Mi with 800Mi limits). +12. crowdsec-agent pods have Guaranteed QoS (req=limit) at 500m/250Mi but use only 3-13m CPU and 43-48Mi memory. +13. Many edge-tier pods using <10% of their memory limits -- VPA recommendations could help right-size. diff --git a/.planning/quick/resource-audit-terraform-definitions.md b/.planning/quick/resource-audit-terraform-definitions.md new file mode 100644 index 00000000..d5811811 --- /dev/null +++ b/.planning/quick/resource-audit-terraform-definitions.md @@ -0,0 +1,273 @@ +# Terraform Container Resource Audit + +Generated: 2026-03-01 + +## Tier Defaults (Kyverno LimitRange) + +For reference, containers WITHOUT explicit `resources {}` blocks receive these defaults from Kyverno-generated LimitRanges: + +| Tier | Default CPU | Default Mem | Request CPU | Request Mem | Max CPU | Max Mem | +|------|-------------|-------------|-------------|-------------|---------|---------| +| 0-core | 500m | 512Mi | 50m | 64Mi | 4 | 8Gi | +| 1-cluster | 500m | 512Mi | 50m | 64Mi | 2 | 4Gi | +| 2-gpu | 1 | 2Gi | 100m | 256Mi | 8 | 16Gi | +| 3-edge | 250m | 256Mi | 25m | 64Mi | 2 | 4Gi | +| 4-aux | 250m | 256Mi | 25m | 64Mi | 2 | 4Gi | + +Namespaces with custom LimitRange (opt-out): `nextcloud`, `onlyoffice` + +--- + +## Section 1: Containers WITHOUT Explicit Resources (Relying on LimitRange Defaults) + +These are the highest-risk containers -- they receive LimitRange defaults which may be too low or too high. + +| Stack | Namespace | Deployment/Resource | Container | Tier | Default CPU Lim | Default Mem Lim | Risk Notes | +|-------|-----------|-------------------|-----------|------|-----------------|-----------------|------------| +| blog | website | blog | nginx-exporter | 4-aux | 250m | 256Mi | Sidecar; likely fine | +| cyberchef | cyberchef | cyberchef | cyberchef | 4-aux | 250m | 256Mi | | +| echo | echo | echo | echo | 3-edge | 250m | 256Mi | 5 replicas, no resources | +| networking-toolbox | networking-toolbox | networking-toolbox | networking-toolbox | 4-aux | 250m | 256Mi | 3 replicas | +| shadowsocks | shadowsocks | shadowsocks | shadowsocks | 3-edge | 250m | 256Mi | | +| tor-proxy | tor-proxy | tor-proxy | tor-proxy | 4-aux | 250m | 256Mi | | +| tuya-bridge | tuya-bridge | tuya-bridge | tuya-bridge | 1-cluster | 500m | 512Mi | 3 replicas in cluster tier | +| audiobookshelf | audiobookshelf | audiobookshelf | audiobookshelf | 4-aux | 250m | 256Mi | May need more for transcoding | +| changedetection | changedetection | changedetection | sockpuppetbrowser | 4-aux | 250m | 256Mi | Chromium browser; likely needs more | +| changedetection | changedetection | changedetection | changedetection | 4-aux | 250m | 256Mi | | +| diun | diun | diun | diun | 4-aux | 250m | 256Mi | | +| excalidraw | excalidraw | excalidraw | excalidraw | 4-aux | 250m | 256Mi | | +| freshrss | freshrss | freshrss | freshrss | 4-aux | 250m | 256Mi | | +| isponsorblocktv | isponsorblocktv | isponsorblocktv-vermont | isponsorblocktv-vermont | 3-edge | 250m | 256Mi | | +| matrix | matrix | matrix | matrix | 4-aux | 250m | 256Mi | 0 replicas (disabled) | +| navidrome | navidrome | navidrome | navidrome | 4-aux | 250m | 256Mi | Music streaming | +| ntfy | ntfy | ntfy | ntfy | 4-aux | 250m | 256Mi | | +| owntracks | owntracks | owntracks | owntracks | 4-aux | 250m | 256Mi | | +| privatebin | privatebin | privatebin | privatebin | 3-edge | 250m | 256Mi | | +| wealthfolio | wealthfolio | wealthfolio | wealthfolio | 4-aux | 250m | 256Mi | | +| whisper | whisper | whisper | whisper | 2-gpu | 1 | 2Gi | No GPU resource claim; GPU tier | +| whisper | whisper | piper | piper | 2-gpu | 1 | 2Gi | No GPU resource claim; GPU tier | +| send | send | send | send | 4-aux | 250m | 256Mi | | +| n8n | n8n | n8n | n8n | 4-aux | 250m | 256Mi | Workflow automation; may need more | +| linkwarden | linkwarden | linkwarden | linkwarden | 4-aux | 250m | 256Mi | Next.js app; may OOM | +| dawarich | dawarich | dawarich | dawarich | 3-edge | 250m | 256Mi | Rails app; may OOM | +| hackmd | hackmd | hackmd | codimd | 3-edge | 250m | 256Mi | Node.js; may need more | +| tandoor | tandoor | tandoor | recipes | 4-aux | 250m | 256Mi | Django app | +| grampsweb | grampsweb | grampsweb | grampsweb | 4-aux | 250m | 256Mi | Flask app | +| grampsweb | grampsweb | grampsweb | grampsweb-celery | 4-aux | 250m | 256Mi | Celery worker | +| affine | affine | affine | migration (init) | 4-aux | 250m | 256Mi | Init container; runs prisma migrate | +| actualbudget (factory) | actualbudget | actualbudget-{name} | actualbudget | 3-edge | 250m | 256Mi | 3 instances (viktor, anca, emo) | +| actualbudget (factory) | actualbudget | actualbudget-http-api-{name} | actualbudget | 3-edge | 250m | 256Mi | Conditional (budget_encryption_password) | +| actualbudget (factory) | actualbudget | bank-sync-{name} (CronJob) | bank-sync | 3-edge | 250m | 256Mi | Curl container | +| osm_routing | osm-routing | osrm-foot | osrm-foot | 4-aux | 250m | 256Mi | OSRM needs ~1GB RAM for routing data | +| osm_routing | osm-routing | otp | otp | 4-aux | 250m | 256Mi | 0 replicas (disabled); OTP needs 2Gi+ | +| servarr/prowlarr | servarr | prowlarr | prowlarr | 4-aux | 250m | 256Mi | | +| servarr/qbittorrent | servarr | qbittorrent | qbittorrent | 4-aux | 250m | 256Mi | | +| servarr/flaresolverr | servarr | flaresolverr | flaresolverr | 4-aux | 250m | 256Mi | Chromium-based; likely needs more | +| real-estate-crawler | realestate-crawler | realestate-crawler-ui | realestate-crawler-ui | 4-aux | 250m | 256Mi | 2 replicas | +| real-estate-crawler | realestate-crawler | realestate-crawler-celery | celery-worker | 4-aux | 250m | 256Mi | | +| nextcloud | nextcloud | whiteboard | whiteboard | custom (3-edge) | 250m | 256Mi | Custom LimitRange: max 16 CPU/8Gi | +| nextcloud | nextcloud | nextcloud-backup (CronJob) | backup | custom (3-edge) | 250m | 256Mi | rsync container | +| calibre | calibre | annas-archive-stacks | annas-archive-stacks | 3-edge | 250m | 256Mi | | +| ollama | ollama | ollama-ui | ollama-ui | 2-gpu | 1 | 2Gi | Open WebUI; needs significant mem | +| immich | immich | immich-server | immich-server | 2-gpu | 1 | 2Gi | Photo server; needs resources | +| immich | immich | immich-postgresql | immich-postgresql | 2-gpu | 1 | 2Gi | PostgreSQL; needs resources | +| immich | immich | postgresql-backup (CronJob) | postgresql-backup | 2-gpu | 1 | 2Gi | | +| rybbit | rybbit | rybbit | rybbit | 4-aux | 250m | 256Mi | Node.js backend | +| rybbit | rybbit | rybbit-client | rybbit-client | 4-aux | 250m | 256Mi | | +| poison-fountain | poison-fountain | poison-fetcher (CronJob) | fetcher | 1-cluster | 500m | 512Mi | curl container | +| platform/dbaas | dbaas | mysql-backup (CronJob) | mysql-backup | 1-cluster | 500m | 512Mi | | +| platform/dbaas | dbaas | phpmyadmin | phpmyadmin | 1-cluster | 500m | 512Mi | | +| platform/dbaas | dbaas | pgadmin | pgadmin | 1-cluster | 500m | 512Mi | | +| platform/dbaas | dbaas | postgresql-backup (CronJob) | postgresql-backup | 1-cluster | 500m | 512Mi | | +| platform/xray | xray | xray | xray | 0-core | 500m | 512Mi | | +| platform/wireguard | wireguard | wireguard | sysctl-setup (init) | 0-core | 500m | 512Mi | | +| platform/wireguard | wireguard | wireguard | wireguard | 0-core | 500m | 512Mi | | +| platform/wireguard | wireguard | wireguard | prometheus-exporter | 0-core | 500m | 512Mi | | +| platform/cloudflared | cloudflared | cloudflared | cloudflared | 0-core | 500m | 512Mi | | +| platform/mailserver | mailserver | mailserver | docker-mailserver | 0-core | 500m | 512Mi | Mail server needs more RAM | +| platform/mailserver | mailserver | dovecot-exporter | dovecot-exporter | 0-core | 500m | 512Mi | | +| platform/crowdsec | crowdsec | crowdsec-web | crowdsec-web | 1-cluster | 500m | 512Mi | | +| platform/crowdsec | crowdsec | blocklist-import (CronJob) | blocklist-import | 1-cluster | 500m | 512Mi | | +| platform/k8s-portal | k8s-portal | k8s-portal | portal | 0-core | 500m | 512Mi | | +| platform/monitoring | monitoring | monitor-prometheus (CronJob) | monitor-prometheus | opted-out | N/A | N/A | No LimitRange in monitoring ns | +| platform/redis | redis | redis-backup (CronJob) | redis-backup | 1-cluster | 500m | 512Mi | | +| platform/infra-maint | kube-system | backup-etcd (CronJob) | backup-etcd | N/A | N/A | N/A | kube-system; no Kyverno LimitRange | +| platform/infra-maint | kube-system | backup-purge (CronJob) | backup-purge | N/A | N/A | N/A | | +| platform/infra-maint | kube-system | cleanup-failed (CronJob) | cleanup | N/A | N/A | N/A | | + +--- + +## Section 2: Containers WITH Explicit Resources + +| Stack | Namespace | Deployment/Resource | Container | CPU Req | CPU Lim | Mem Req | Mem Lim | Tier | Notes | +|-------|-----------|-------------------|-----------|---------|---------|---------|---------|------|-------| +| blog | website | blog | blog | 250m | 500m | 50Mi | 512Mi | 4-aux | | +| city-guesser | city-guesser | city-guesser | city-guesser | 250m | 500m | 50Mi | 512Mi | 4-aux | | +| coturn | coturn | coturn | coturn | 100m | 1 | 128Mi | 512Mi | 3-edge | | +| kms | kms | kms-web-page | kms-web-page | 500m | 500m | 512Mi | 512Mi | 4-aux | Req==Lim, high for nginx | +| kms | kms | kms (windows) | windows-kms | 1 | 1 | 50Mi | 512Mi | 4-aux | 1 CPU req seems high | +| travel_blog | travel-blog | travel-blog | travel-blog | 250m | 500m | 50Mi | 512Mi | 4-aux | | +| webhook_handler | webhook-handler | webhook-handler | webhook-handler | 250m | 500m | 50Mi | 512Mi | 4-aux | | +| freedify (factory) | freedify | music-{name} | freedify | 100m | 500m | 256Mi | 512Mi | 4-aux | Parameterized; 2 instances | +| health | health | health | health | 100m | 1 | 256Mi | 1Gi | 4-aux | | +| plotting-book | plotting-book | plotting-book | plotting-book | 50m | 500m | 128Mi | 512Mi | 4-aux | | +| frigate | frigate | frigate | frigate | -- | GPU:1 | -- | -- | 2-gpu | Only nvidia.com/gpu limit | +| ebook2audiobook | ebook2audiobook | ebook2audiobook | ebook2audiobook | -- | GPU:1 | -- | -- | 2-gpu | Only nvidia.com/gpu limit | +| ebook2audiobook | ebook2audiobook | audiblez | audiblez | -- | GPU:1 | -- | -- | 2-gpu | Only nvidia.com/gpu; 0 replicas | +| ebook2audiobook | ebook2audiobook | audiblez-web | audiblez-web | -- | GPU:1 | -- | -- | 2-gpu | Only nvidia.com/gpu limit | +| ytdlp | ytdlp | ytdlp | ytdlp | 25m | 500m | 128Mi | 512Mi | 4-aux | | +| ytdlp | ytdlp | yt-highlights | yt-highlights | -- | GPU:1 | -- | -- | 4-aux | GPU workload in aux-tier ns | +| real-estate-crawler | realestate-crawler | realestate-crawler-api | realestate-crawler-api | 50m | 2000m | 128Mi | 1Gi | 4-aux | | +| real-estate-crawler | realestate-crawler | realestate-crawler-celery-beat | celery-beat | 10m | 200m | 64Mi | 256Mi | 4-aux | | +| affine | affine | affine | affine | 100m | 2 | 512Mi | 4Gi | 4-aux | | +| atuin | atuin | atuin | atuin | 50m | 500m | 64Mi | 256Mi | 4-aux | | +| osm_routing | osm-routing | osrm-bicycle | osrm-bicycle | 15m | 250m | 512Mi | 1Gi | 4-aux | | +| paperless-ngx | paperless-ngx | paperless-ngx | paperless-ngx | 100m | 2 | 256Mi | 1Gi | 3-edge | | +| stirling-pdf | stirling-pdf | stirling-pdf | stirling-pdf | 100m | 2 | 256Mi | 1Gi | 4-aux | | +| netbox | netbox | netbox | netbox | 25m | 1 | 64Mi | 512Mi | 4-aux | | +| speedtest | speedtest | speedtest | speedtest | 25m | 500m | 64Mi | 512Mi | 4-aux | | +| meshcentral | meshcentral | meshcentral | meshcentral | 15m | 500m | 64Mi | 384Mi | 4-aux | | +| forgejo | forgejo | forgejo | forgejo | 15m | 500m | 64Mi | 512Mi | 3-edge | | +| dashy | dashy | dashy | dashy | 15m | 500m | 64Mi | 512Mi | 4-aux | | +| url | url | shlink | shlink | 25m | -- | 128Mi | 512Mi | 4-aux | No CPU limit | +| url | url | shlink-web | shlink-web | 250m | 500m | 50Mi | 512Mi | 4-aux | | +| f1-stream | f1-stream | f1-stream | f1-stream | 50m | 500m | 64Mi | 256Mi | 4-aux | | +| calibre | calibre | calibre-web-automated | calibre-web-automated | 50m | 1 | 256Mi | 1Gi | 3-edge | | +| poison-fountain | poison-fountain | poison-fountain | poison-fountain | 10m | 100m | 32Mi | 128Mi | 1-cluster | | +| ollama | ollama | ollama | ollama | 500m | 4 | 4Gi | 12Gi + GPU:1 | 2-gpu | | +| onlyoffice | onlyoffice | onlyoffice-document-server | onlyoffice-document-server | 250m | 8 | 512Mi | 4Gi | 3-edge | Custom LimitRange | +| openclaw | openclaw | openclaw | openclaw | 100m | 2 | 512Mi | 2Gi | 4-aux | | +| openclaw | openclaw | openclaw | modelrelay (sidecar) | 25m | 500m | 64Mi | 256Mi | 4-aux | | +| openclaw | openclaw | cluster-healthcheck (CronJob) | healthcheck | 50m | -- | 64Mi | 128Mi | 4-aux | No CPU limit | +| resume | resume | printer | printer | 50m | 1 | 128Mi | 512Mi | 4-aux | Chromium | +| resume | resume | resume | resume | 25m | 500m | 128Mi | 384Mi | 4-aux | | +| rybbit | rybbit | clickhouse | clickhouse | 100m | 2 | 512Mi | 4Gi | 4-aux | | +| immich | immich | immich-machine-learning | immich-machine-learning | -- | GPU:1 | -- | -- | 2-gpu | Only nvidia.com/gpu limit | +| trading-bot | trading-bot | trading-bot-frontend | dashboard | 10m | 200m | 32Mi | 128Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-frontend | api-gateway | 50m | 1000m | 128Mi | 512Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | news-fetcher | 10m | 500m | 64Mi | 256Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | sentiment-analyzer | 100m | 2000m | 512Mi | 2Gi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | signal-generator | 10m | 500m | 64Mi | 256Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | trade-executor | 10m | 500m | 64Mi | 256Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | learning-engine | 10m | 500m | 64Mi | 256Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | market-data | 10m | 500m | 64Mi | 256Mi | 3-edge | | +| platform/technitium | technitium | technitium | technitium | YES | YES | YES | YES | 0-core | Has resources block | +| platform/vaultwarden | vaultwarden | vaultwarden | vaultwarden | YES | YES | YES | YES | 0-core | Has resources block | +| platform/uptime-kuma | uptime-kuma | uptime-kuma | uptime-kuma | YES | YES | YES | YES | 0-core | Has resources block | +| platform/headscale | headscale | headscale | headscale | YES | YES | YES | YES | 0-core | Has resources block | +| platform/headscale | headscale | headscale | headscale-ui | YES | YES | YES | YES | 0-core | Has resources block | +| platform/traefik | traefik | traefik-default-backend | nginx | YES | YES | YES | YES | 0-core | Has resources block | +| platform/traefik | traefik | traefik-local-backend | nginx | YES | YES | YES | YES | 0-core | Has resources block | +| platform/nvidia | nvidia | nvidia-exporter | nvidia-exporter | YES | YES | YES | YES | 2-gpu | Has resources block | +| platform/nvidia | nvidia | nvidia-power-exporter | exporter | YES | YES | YES | YES | 2-gpu | Has resources block | +| platform/monitoring | monitoring | goflow2 | goflow2 | YES | YES | YES | YES | 1-cluster | Has resources block | + +--- + +## Section 3: Helm Chart Deployments (Resources via values.yaml) + +These services are deployed via Helm charts. Resource configuration is in the chart's values files, not directly visible in main.tf. + +| Stack | Namespace | Chart | Values File | Tier | Notes | +|-------|-----------|-------|-------------|------|-------| +| homepage | homepage | jameswynn/homepage | values.yaml | 4-aux | Check values for resources | +| k8s-dashboard | kubernetes-dashboard | kubernetes-dashboard v7.12.0 | -- | 1-cluster | No custom values for resources | +| reloader | reloader | stakater/reloader | -- | 4-aux | No custom values | +| descheduler | descheduler | descheduler | values.yaml | -- | No tier label | +| woodpecker | woodpecker | woodpecker v3.5.1 | values.yaml | 3-edge | Custom quota; check values | +| nextcloud | nextcloud | nextcloud/nextcloud v8.8.1 | chart_values.yaml | 3-edge | Custom LimitRange/Quota | +| platform/traefik | traefik | traefik | chart values | 0-core | | +| platform/metallb | metallb | metallb | -- | 0-core | | +| platform/redis | redis | bitnami/redis | chart values | 1-cluster | | +| platform/monitoring | monitoring | prometheus, grafana, loki | various | 1-cluster | Opted out of Kyverno quota | +| platform/kyverno | kyverno | kyverno | chart values | 1-cluster | | +| platform/cnpg | cnpg | cnpg-operator | -- | 1-cluster | | +| platform/metrics-server | metrics-server | metrics-server | -- | 1-cluster | | +| platform/vpa | vpa | fairwinds/vpa | -- | 1-cluster | | +| platform/crowdsec | crowdsec | crowdsec | chart values | 1-cluster | | +| platform/nvidia | nvidia | nvidia gpu-operator | chart values | 2-gpu | Opted out of Kyverno quota | +| platform/authentik | authentik | authentik | chart values | 0-core | Custom quota | +| platform/dbaas | dbaas | mysql-operator/innodbcluster | chart values | 1-cluster | Custom quota | + +--- + +## Section 4: High-Risk Findings Summary + +### OOM-Kill Risk (containers likely needing more than 256Mi default) + +| Container | Namespace | Tier Default Mem | Why It's Risky | +|-----------|-----------|-----------------|----------------| +| sockpuppetbrowser | changedetection | 256Mi | Headless Chromium browser | +| flaresolverr | servarr | 256Mi | Chromium-based solver | +| osrm-foot | osm-routing | 256Mi | OSRM loads routing graph into memory (~500MB+) | +| navidrome | navidrome | 256Mi | Music library indexing | +| linkwarden | linkwarden | 256Mi | Next.js app with screenshot capture | +| n8n | n8n | 256Mi | Workflow automation with many nodes | +| dawarich | dawarich | 256Mi | Rails app | +| hackmd (codimd) | hackmd | 256Mi | Node.js collaborative editor | +| ollama-ui | ollama | 2Gi | Open WebUI; may be fine in GPU tier | +| immich-server | immich | 2Gi | Photo processing server | +| immich-postgresql | immich | 2Gi | PostgreSQL with pgvector | +| docker-mailserver | mailserver | 512Mi | ClamAV, SpamAssassin, etc. | +| audiobookshelf | audiobookshelf | 256Mi | Media server with transcoding | + +### GPU Containers with Only nvidia.com/gpu Limit (no CPU/Mem specified) + +These get LimitRange defaults for CPU/Mem but only have GPU limits set: + +| Container | Namespace | Tier | Gets Default | +|-----------|-----------|------|-------------| +| frigate | frigate | 2-gpu | 1 CPU / 2Gi | +| ebook2audiobook | ebook2audiobook | 2-gpu | 1 CPU / 2Gi | +| audiblez | ebook2audiobook | 2-gpu | 1 CPU / 2Gi | +| audiblez-web | ebook2audiobook | 2-gpu | 1 CPU / 2Gi | +| yt-highlights | ytdlp | 4-aux | 250m / 256Mi (!) | +| immich-machine-learning | immich | 2-gpu | 1 CPU / 2Gi | + +**Note**: `yt-highlights` is in the `ytdlp` namespace (4-aux tier) but runs on GPU node. Its default of 256Mi is very low for a Whisper ASR model. + +### Containers with No Resources in Core/Cluster Tier (higher defaults but still worth checking) + +| Container | Namespace | Tier | Default | +|-----------|-----------|------|---------| +| xray | xray | 0-core | 500m / 512Mi | +| wireguard | wireguard | 0-core | 500m / 512Mi | +| wireguard prometheus-exporter | wireguard | 0-core | 500m / 512Mi | +| cloudflared | cloudflared | 0-core | 500m / 512Mi | +| docker-mailserver | mailserver | 0-core | 500m / 512Mi | +| dovecot-exporter | mailserver | 0-core | 500m / 512Mi | +| k8s-portal | k8s-portal | 0-core | 500m / 512Mi | +| tuya-bridge | tuya-bridge | 1-cluster | 500m / 512Mi | +| phpmyadmin | dbaas | 1-cluster | 500m / 512Mi | +| pgadmin | dbaas | 1-cluster | 500m / 512Mi | +| crowdsec-web | crowdsec | 1-cluster | 500m / 512Mi | + +--- + +## Section 5: Statistics + +### Totals + +- **Total unique containers audited**: ~120+ +- **Containers WITH explicit resources**: ~55 +- **Containers WITHOUT explicit resources**: ~65 +- **Helm-managed (resources in values)**: ~18 charts + +### By Tier (containers without resources) + +| Tier | Count | Risk Level | +|------|-------|------------| +| 0-core | 7 | Medium (512Mi default is usually OK) | +| 1-cluster | 7 | Medium | +| 2-gpu | 5 | Low (2Gi default is generous) | +| 3-edge | 8 | High (256Mi can OOM Node/Rails/Java apps) | +| 4-aux | 25+ | High (256Mi is tight for many services) | +| monitoring (opted-out) | 1 | Low (no LimitRange at all) | +| kube-system | 3 | Low (no Kyverno) | + +### Recommendations + +1. **Immediate action**: Add explicit resources to `sockpuppetbrowser`, `flaresolverr`, `osrm-foot`, `docker-mailserver`, `immich-server`, `immich-postgresql`, `linkwarden`, `n8n` +2. **GPU containers**: Add explicit CPU/Mem alongside nvidia.com/gpu for `frigate`, `ebook2audiobook`, `audiblez-web`, `immich-machine-learning`, `yt-highlights` +3. **Review**: `kms-web-page` has 500m/512Mi request==limit for nginx (wasteful) +4. **CronJobs**: Most CronJob containers lack resources -- acceptable for short-lived jobs but adds to ResourceQuota consumption diff --git a/.planning/quick/resource-audit-vpa-recommendations.md b/.planning/quick/resource-audit-vpa-recommendations.md new file mode 100644 index 00000000..78d194b1 --- /dev/null +++ b/.planning/quick/resource-audit-vpa-recommendations.md @@ -0,0 +1,1708 @@ +# Goldilocks VPA Recommendations Audit + +**Generated**: 2026-03-01 + +**Cluster**: k8s-master (v1.34.2) + +## Executive Summary + +- **Total namespaces**: 101 +- **Namespaces with VPA recommendations**: 97 +- **Namespaces without VPA**: 4 (gadget, kube-node-lease, kube-public, reverse-proxy) +- **Total VPA objects**: 195 +- **Total containers with recommendations**: 200 +- **VPA objects without recommendations**: 18 + +### Top 10 Containers by Recommended Memory (target) + +| Rank | Namespace | Deployment | Container | Target Mem | Upper Bound | Current Limit | +|------|-----------|------------|-----------|------------|-------------|---------------| +| 1 | nextcloud | nextcloud | nextcloud | 5.70Gi | 7.39Gi | 6.00Gi | +| 2 | frigate | frigate | frigate | 5.15Gi | 6.65Gi | N/A | +| 3 | monitoring | prometheus-server | prometheus-server | 4.20Gi | 5.43Gi | N/A | +| 4 | monitoring | loki | loki | 3.08Gi | 3.98Gi | 6.00Gi | +| 5 | dbaas | mysql-cluster | mysql | 2.77Gi | 6.90Gi | 2.00Gi | +| 6 | dashy | dashy | dashy | 2.36Gi | 3.23Gi | 512Mi | +| 7 | immich | immich-machine-learning | immich-machine-learning | 2.24Gi | 2.90Gi | N/A | +| 8 | rybbit | clickhouse | clickhouse | 1.91Gi | 2.47Gi | 4.00Gi | +| 9 | trading-bot | trading-bot-workers | sentiment-analyzer | 1.81Gi | 2.35Gi | 2.00Gi | +| 10 | openclaw | openclaw | openclaw | 1.53Gi | 2.11Gi | 2.00Gi | + +### Top 10 Containers by Recommended CPU (target) + +| Rank | Namespace | Deployment | Container | Target CPU | Upper Bound | Current Limit | +|------|-----------|------------|-----------|------------|-------------|---------------| +| 1 | nextcloud | nextcloud | nextcloud | 2.4 | 3.1 | 16.0 | +| 2 | frigate | frigate | frigate | 1.2 | 1.8 | N/A | +| 3 | rybbit | clickhouse | clickhouse | 1.2 | 1.6 | 2.0 | +| 4 | dbaas | mysql-cluster | mysql | 1.1 | 3.3 | 2.0 | +| 5 | immich | immich-server | immich-server | 920m | 1.2 | N/A | +| 6 | monitoring | loki | loki | 476m | 660m | 1.0 | +| 7 | redis | redis-node | redis | 410m | 900m | 500m | +| 8 | monitoring | alloy | alloy | 296m | 372m | N/A | +| 9 | netbox | netbox | netbox | 203m | 383m | 1.0 | +| 10 | speedtest | speedtest | speedtest | 182m | 418m | 500m | + +### Containers Where VPA Recommendation Exceeds Current Limits (>2x) + +These containers may be at risk of OOMKill or CPU throttling. + +| Namespace | Deployment | Container | VPA Target CPU | Current CPU Limit | Ratio | VPA Target Mem | Current Mem Limit | Ratio | +|-----------|------------|-----------|----------------|-------------------|-------|----------------|-------------------|-------| +| dashy | dashy | dashy | 15m | 500m | 0.0x | 2.36Gi | 512Mi | 4.7x | +| traefik | auth-proxy | nginx | 15m | 50m | 0.3x | 100Mi | 32Mi | 3.1x | +| traefik | bot-block-proxy | nginx | 15m | 50m | 0.3x | 100Mi | 32Mi | 3.1x | +| resume | printer | printer | 15m | 1.0 | 0.0x | 1.29Gi | 512Mi | 2.6x | + +### Over-Provisioned Containers (Current Limits > 3x VPA Upper Bound) + +These containers have much more resources allocated than VPA observes them needing. + +| Namespace | Deployment | Container | VPA Upper CPU | Current CPU Limit | Waste | VPA Upper Mem | Current Mem Limit | Waste | +|-----------|------------|-----------|---------------|-------------------|-------|---------------|-------------------|-------| +| ollama | ollama | ollama | 15m | 4.0 | 266.7x | 335Mi | 12.00Gi | 36.6x | +| onlyoffice | onlyoffice-document-server | onlyoffice-document-server | 45m | 8.0 | 177.8x | 2.10Gi | 4.00Gi | 1.9x | +| trading-bot | trading-bot-workers | sentiment-analyzer | 14m | 2.0 | 142.9x | 2.35Gi | 2.00Gi | 0.9x | +| realestate-crawler | realestate-crawler-api | realestate-crawler-api | 15m | 2.0 | 133.3x | 244Mi | 1.00Gi | 4.2x | +| realestate-crawler | realestate-crawler-celery | celery-worker | 15m | 2.0 | 133.3x | 2.76Gi | 2.00Gi | 0.7x | +| stirling-pdf | stirling-pdf | stirling-pdf | 29m | 2.0 | 69.0x | 1.41Gi | 1.00Gi | 0.7x | +| coturn | coturn | coturn | 15m | 1.0 | 66.7x | 100Mi | 512Mi | 5.1x | +| health | health | health | 15m | 1.0 | 66.7x | 226Mi | 1.00Gi | 4.5x | +| kms | kms | windows-kms | 15m | 1.0 | 66.7x | 100Mi | 512Mi | 5.1x | +| resume | printer | printer | 15m | 1.0 | 66.7x | 1.67Gi | 512Mi | 0.3x | +| servarr | listenarr | listenarr | 15m | 1.0 | 66.7x | 944Mi | 1.00Gi | 1.1x | +| authentik | goauthentik-server | server | 43m | 2.0 | 46.5x | 859Mi | 1.00Gi | 1.2x | +| trading-bot | trading-bot-frontend | api-gateway | 23m | 1.0 | 43.5x | 511Mi | 512Mi | 1.0x | +| nvidia | nvidia-gpu-operator-node-feature-discovery-master | master | 15m | N/A | N/A | 100Mi | 4.00Gi | 41.0x | +| website | blog | blog | 13m | 500m | 38.5x | 50Mi | 512Mi | 10.2x | +| trading-bot | trading-bot-workers | learning-engine | 14m | 500m | 35.7x | 116Mi | 256Mi | 2.2x | +| trading-bot | trading-bot-workers | market-data | 14m | 500m | 35.7x | 180Mi | 256Mi | 1.4x | +| trading-bot | trading-bot-workers | news-fetcher | 14m | 500m | 35.7x | 137Mi | 256Mi | 1.9x | +| trading-bot | trading-bot-workers | signal-generator | 14m | 500m | 35.7x | 228Mi | 256Mi | 1.1x | +| trading-bot | trading-bot-workers | trade-executor | 14m | 500m | 35.7x | 180Mi | 256Mi | 1.4x | +| aiostreams | aiostreams | aiostreams | 15m | 500m | 33.3x | 835Mi | 768Mi | 0.9x | +| city-guesser | city-guesser | city-guesser | 15m | 500m | 33.3x | 100Mi | 512Mi | 5.1x | +| dashy | dashy | dashy | 15m | 500m | 33.3x | 3.23Gi | 512Mi | 0.2x | +| forgejo | forgejo | forgejo | 15m | 500m | 33.3x | 284Mi | 512Mi | 1.8x | +| freedify | music-emo | freedify | 15m | 500m | 33.3x | 135Mi | 512Mi | 3.8x | +| freedify | music-viktor | freedify | 15m | 500m | 33.3x | 116Mi | 512Mi | 4.4x | +| kms | kms-web-page | kms-web-page | 15m | 500m | 33.3x | 100Mi | 512Mi | 5.1x | +| meshcentral | meshcentral | meshcentral | 15m | 500m | 33.3x | 367Mi | 384Mi | 1.0x | +| plotting-book | plotting-book | plotting-book | 15m | 500m | 33.3x | 115Mi | 512Mi | 4.4x | +| resume | resume | resume | 15m | 500m | 33.3x | 279Mi | 384Mi | 1.4x | +| technitium | technitium | technitium | 15m | 500m | 33.3x | 367Mi | 512Mi | 1.4x | +| travel-blog | travel-blog | travel-blog | 15m | 500m | 33.3x | 100Mi | 512Mi | 5.1x | +| url | shlink-web | shlink-web | 15m | 500m | 33.3x | 100Mi | 512Mi | 5.1x | +| webhook-handler | webhook-handler | webhook-handler | 15m | 500m | 33.3x | 100Mi | 512Mi | 5.1x | +| ytdlp | ytdlp | ytdlp | 15m | 500m | 33.3x | 367Mi | 512Mi | 1.4x | +| affine | affine | affine | 63m | 2.0 | 31.7x | 307Mi | 4.00Gi | 13.4x | +| atuin | atuin | atuin | 25m | 500m | 20.0x | 100Mi | 256Mi | 2.6x | +| crowdsec | crowdsec-lapi | crowdsec-lapi | 28m | 500m | 17.9x | 152Mi | 500Mi | 3.3x | +| osm-routing | osrm-bicycle | osrm-bicycle | 15m | 250m | 16.7x | 679Mi | 1.00Gi | 1.5x | +| calibre | calibre-web-automated | calibre-web-automated | 63m | 1.0 | 15.9x | 829Mi | 1.00Gi | 1.2x | +| trading-bot | trading-bot-frontend | dashboard | 14m | 200m | 14.3x | 50Mi | 128Mi | 2.6x | +| realestate-crawler | realestate-crawler-celery-beat | celery-beat | 15m | 200m | 13.3x | 226Mi | 256Mi | 1.1x | +| vaultwarden | vaultwarden | vaultwarden | 15m | 200m | 13.3x | 156Mi | 256Mi | 1.6x | +| monitoring | grafana | grafana | 43m | 500m | 11.6x | 298Mi | 512Mi | 1.7x | +| nvidia | gpu-operator | gpu-operator | 45m | 500m | 11.1x | 100Mi | 350Mi | 3.5x | +| nvidia | nvidia-gpu-operator-node-feature-discovery-gc | gc | 15m | N/A | N/A | 100Mi | 1.00Gi | 10.2x | +| technitium | technitium-secondary | technitium | 49m | 500m | 10.2x | 376Mi | 512Mi | 1.4x | +| cnpg-system | cnpg-cloudnative-pg | manager | 54m | 500m | 9.3x | 286Mi | 256Mi | 0.9x | +| f1-stream | f1-stream | f1-stream | 63m | 500m | 7.9x | 136Mi | 256Mi | 1.9x | +| headscale | headscale | headscale-ui | 14m | 100m | 7.1x | 97Mi | 128Mi | 1.3x | +| headscale | headscale | headscale | 29m | 200m | 6.9x | 136Mi | 256Mi | 1.9x | +| poison-fountain | poison-fountain | poison-fountain | 15m | 100m | 6.7x | 100Mi | 128Mi | 1.3x | +| authentik | goauthentik-worker | worker | 158m | 1.0 | 6.3x | 859Mi | 1.00Gi | 1.2x | +| openclaw | openclaw | openclaw | 385m | 2.0 | 5.2x | 2.11Gi | 2.00Gi | 0.9x | +| paperless-ngx | paperless-ngx | paperless-ngx | 389m | 2.0 | 5.1x | 1.70Gi | 1.00Gi | 0.6x | +| nextcloud | nextcloud | nextcloud | 3.1 | 16.0 | 5.1x | 7.39Gi | 6.00Gi | 0.8x | +| openclaw | openclaw | modelrelay | 99m | 500m | 5.1x | 1.22Gi | 256Mi | 0.2x | + +--- + +## Detailed Per-Namespace VPA Recommendations + +### actualbudget + +**Deployment: `actualbudget-anca`** (VPA: `goldilocks-actualbudget-anca`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 121Mi | 100Mi | 156Mi | 121Mi | N/A | N/A | + +**Deployment: `actualbudget-emo`** (VPA: `goldilocks-actualbudget-emo`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `actualbudget-http-api-anca`** (VPA: `goldilocks-actualbudget-http-api-anca`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 175Mi | 100Mi | 278Mi | 175Mi | N/A | N/A | + +**Deployment: `actualbudget-http-api-emo`** (VPA: `goldilocks-actualbudget-http-api-emo`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 100Mi | 100Mi | 135Mi | 100Mi | N/A | N/A | + +**Deployment: `actualbudget-http-api-viktor`** (VPA: `goldilocks-actualbudget-http-api-viktor`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 259Mi | 100Mi | 335Mi | 259Mi | N/A | N/A | + +**Deployment: `actualbudget-viktor`** (VPA: `goldilocks-actualbudget-viktor`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 138Mi | 105Mi | 178Mi | 138Mi | N/A | N/A | + +**CronJob: `bank-sync-anca`** (VPA: `goldilocks-bank-sync-anca`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**CronJob: `bank-sync-emo`** (VPA: `goldilocks-bank-sync-emo`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**CronJob: `bank-sync-viktor`** (VPA: `goldilocks-bank-sync-viktor`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### affine + +**Deployment: `affine`** (VPA: `goldilocks-affine`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| affine | CPU | 35m | 15m | 63m | 35m | 100m | 2.0 | +| affine | Memory | 237Mi | 237Mi | 307Mi | 237Mi | 512Mi | 4.00Gi | + +### aiostreams + +**Deployment: `aiostreams`** (VPA: `goldilocks-aiostreams`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| aiostreams | CPU | 15m | 15m | 15m | 15m | 50m | 500m | +| aiostreams | Memory | 641Mi | 308Mi | 835Mi | 641Mi | 256Mi | 768Mi | + +### atuin + +**Deployment: `atuin`** (VPA: `goldilocks-atuin`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| atuin | CPU | 15m | 15m | 25m | 15m | 50m | 500m | +| atuin | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 64Mi | 256Mi | + +### audiobookshelf + +**Deployment: `audiobookshelf`** (VPA: `goldilocks-audiobookshelf`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| audiobookshelf | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| audiobookshelf | Memory | 121Mi | 100Mi | 157Mi | 121Mi | N/A | N/A | + +### authentik + +**Deployment: `ak-outpost-authentik-embedded-outpost`** (VPA: `goldilocks-ak-outpost-authentik-embedded-outpost`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| proxy | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| proxy | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `goauthentik-server`** (VPA: `goldilocks-goauthentik-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| server | CPU | 35m | 22m | 43m | 35m | 100m | 2.0 | +| server | Memory | 684Mi | 640Mi | 859Mi | 684Mi | 512Mi | 1.00Gi | + +**Deployment: `goauthentik-worker`** (VPA: `goldilocks-goauthentik-worker`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| worker | CPU | 126m | 92m | 158m | 126m | 50m | 1.0 | +| worker | Memory | 600Mi | 422Mi | 859Mi | 600Mi | 384Mi | 1.00Gi | + +**Deployment: `pgbouncer`** (VPA: `goldilocks-pgbouncer`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| pgbouncer | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| pgbouncer | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### calibre + +**Deployment: `annas-archive-stacks`** (VPA: `goldilocks-annas-archive-stacks`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| annas-archive-stacks | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| annas-archive-stacks | Memory | 100Mi | 100Mi | 115Mi | 100Mi | N/A | N/A | + +**Deployment: `calibre-web-automated`** (VPA: `goldilocks-calibre-web-automated`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calibre-web-automated | CPU | 35m | 15m | 63m | 35m | 50m | 1.0 | +| calibre-web-automated | Memory | 641Mi | 335Mi | 829Mi | 641Mi | 256Mi | 1.00Gi | + +### calico-apiserver + +**Deployment: `calico-apiserver`** (VPA: `goldilocks-calico-apiserver`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calico-apiserver | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| calico-apiserver | Memory | 105Mi | 100Mi | 132Mi | 105Mi | N/A | N/A | + +### calico-system + +**Deployment: `calico-kube-controllers`** (VPA: `goldilocks-calico-kube-controllers`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calico-kube-controllers | CPU | 23m | 15m | 29m | 23m | N/A | N/A | +| calico-kube-controllers | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `calico-node`** (VPA: `goldilocks-calico-node`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calico-node | CPU | 63m | 34m | 79m | 63m | N/A | N/A | +| calico-node | Memory | 215Mi | 156Mi | 270Mi | 215Mi | N/A | N/A | + +**Deployment: `calico-typha`** (VPA: `goldilocks-calico-typha`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calico-typha | CPU | 15m | 15m | 26m | 15m | N/A | N/A | +| calico-typha | Memory | 100Mi | 100Mi | 182Mi | 100Mi | N/A | N/A | + +**DaemonSet: `csi-node-driver`** (VPA: `goldilocks-csi-node-driver`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calico-csi | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| calico-csi | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | +| csi-node-driver-registrar | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| csi-node-driver-registrar | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | + +### changedetection + +**Deployment: `changedetection`** (VPA: `goldilocks-changedetection`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| changedetection | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| changedetection | Memory | 105Mi | 105Mi | 135Mi | 105Mi | N/A | N/A | +| sockpuppetbrowser | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| sockpuppetbrowser | Memory | 61Mi | 61Mi | 78Mi | 61Mi | N/A | N/A | + +### city-guesser + +**Deployment: `city-guesser`** (VPA: `goldilocks-city-guesser`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| city-guesser | CPU | 15m | 15m | 15m | 15m | 250m | 500m | +| city-guesser | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 50Mi | 512Mi | + +### cloudflared + +**Deployment: `cloudflared`** (VPA: `goldilocks-cloudflared`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| cloudflared | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| cloudflared | Memory | 100Mi | 100Mi | 112Mi | 100Mi | N/A | N/A | + +### cnpg-system + +**Deployment: `cnpg-cloudnative-pg`** (VPA: `goldilocks-cnpg-cloudnative-pg`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| manager | CPU | 23m | 15m | 54m | 23m | 100m | 500m | +| manager | Memory | 121Mi | 121Mi | 286Mi | 121Mi | 128Mi | 256Mi | + +### coturn + +**Deployment: `coturn`** (VPA: `goldilocks-coturn`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| coturn | CPU | 15m | 15m | 15m | 15m | 100m | 1.0 | +| coturn | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 128Mi | 512Mi | + +### crowdsec + +**DaemonSet: `crowdsec-agent`** (VPA: `goldilocks-crowdsec-agent`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| crowdsec-agent | CPU | 23m | 15m | 28m | 23m | N/A | N/A | +| crowdsec-agent | Memory | 105Mi | 100Mi | 152Mi | 105Mi | N/A | N/A | + +**CronJob: `crowdsec-blocklist-import`** (VPA: `goldilocks-crowdsec-blocklist-import`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| blocklist-import | CPU | 35m | 15m | 15.5 | 35m | N/A | N/A | +| blocklist-import | Memory | 100Mi | 100Mi | 32.19Gi | 100Mi | N/A | N/A | + +**Deployment: `crowdsec-lapi`** (VPA: `goldilocks-crowdsec-lapi`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| crowdsec-lapi | CPU | 23m | 15m | 28m | 23m | 500m | 500m | +| crowdsec-lapi | Memory | 121Mi | 100Mi | 152Mi | 121Mi | 500Mi | 500Mi | + +**Deployment: `crowdsec-web`** (VPA: `goldilocks-crowdsec-web`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| crowdsec-web | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| crowdsec-web | Memory | 100Mi | 100Mi | 631Mi | 100Mi | N/A | N/A | + +### cyberchef + +**Deployment: `cyberchef`** (VPA: `goldilocks-cyberchef`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| cyberchef | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| cyberchef | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### dashy + +**Deployment: `dashy`** (VPA: `goldilocks-dashy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| dashy | CPU | 15m | 15m | 15m | 15m | 15m | 500m | +| dashy | Memory | 2.36Gi | 1.29Gi | 3.23Gi | 2.36Gi | 64Mi | 512Mi | + +### dawarich + +**Deployment: `dawarich`** (VPA: `goldilocks-dawarich`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| dawarich | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| dawarich | Memory | 600Mi | 560Mi | 775Mi | 600Mi | N/A | N/A | + +### dbaas + +**CronJob: `mysql-backup`** (VPA: `goldilocks-mysql-backup`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**StatefulSet: `mysql-cluster`** (VPA: `goldilocks-mysql-cluster`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| mysql | CPU | 1.1 | 77m | 3.3 | 1.1 | 250m | 2.0 | +| mysql | Memory | 2.77Gi | 1.22Gi | 6.90Gi | 2.77Gi | 1.00Gi | 2.00Gi | +| sidecar | CPU | 11m | 10m | 27m | 11m | N/A | N/A | +| sidecar | Memory | 215Mi | 214Mi | 535Mi | 215Mi | N/A | N/A | + +**Deployment: `pgadmin`** (VPA: `goldilocks-pgadmin`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| pgadmin | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| pgadmin | Memory | 392Mi | 362Mi | 507Mi | 392Mi | N/A | N/A | + +**Deployment: `phpmyadmin`** (VPA: `goldilocks-phpmyadmin`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| phpmyadmin | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| phpmyadmin | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**CronJob: `postgresql-backup`** (VPA: `goldilocks-postgresql-backup`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### default + +**CronJob: `backup-etcd`** (VPA: `goldilocks-backup-etcd`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**CronJob: `cleanup-failed-pods`** (VPA: `goldilocks-cleanup-failed-pods`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**CronJob: `monitor-prometheus`** (VPA: `goldilocks-monitor-prometheus`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### descheduler + +**CronJob: `descheduler`** (VPA: `goldilocks-descheduler`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| descheduler | CPU | 126m | 51m | 14.1 | 126m | N/A | N/A | +| descheduler | Memory | 100Mi | 100Mi | 8.14Gi | 100Mi | N/A | N/A | + +### diun + +**Deployment: `diun`** (VPA: `goldilocks-diun`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| diun | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| diun | Memory | 100Mi | 100Mi | 116Mi | 100Mi | N/A | N/A | + +### ebook2audiobook + +**Deployment: `audiblez`** (VPA: `goldilocks-audiblez`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**Deployment: `audiblez-web`** (VPA: `goldilocks-audiblez-web`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| audiblez-web | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| audiblez-web | Memory | 138Mi | 121Mi | 178Mi | 138Mi | N/A | N/A | + +**Deployment: `ebook2audiobook`** (VPA: `goldilocks-ebook2audiobook`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### echo + +**Deployment: `echo`** (VPA: `goldilocks-echo`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| echo | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| echo | Memory | 105Mi | 100Mi | 132Mi | 105Mi | N/A | N/A | + +### excalidraw + +**Deployment: `excalidraw`** (VPA: `goldilocks-excalidraw`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| excalidraw | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| excalidraw | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### f1-stream + +**Deployment: `f1-stream`** (VPA: `goldilocks-f1-stream`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| f1-stream | CPU | 15m | 15m | 63m | 15m | 50m | 500m | +| f1-stream | Memory | 105Mi | 100Mi | 136Mi | 105Mi | 64Mi | 256Mi | + +### forgejo + +**Deployment: `forgejo`** (VPA: `goldilocks-forgejo`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| forgejo | CPU | 15m | 15m | 15m | 15m | 15m | 500m | +| forgejo | Memory | 215Mi | 121Mi | 284Mi | 215Mi | 64Mi | 512Mi | + +### freedify + +**Deployment: `music-emo`** (VPA: `goldilocks-music-emo`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| freedify | CPU | 15m | 15m | 15m | 15m | 100m | 500m | +| freedify | Memory | 105Mi | 105Mi | 135Mi | 105Mi | 256Mi | 512Mi | + +**Deployment: `music-viktor`** (VPA: `goldilocks-music-viktor`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| freedify | CPU | 15m | 15m | 15m | 15m | 100m | 500m | +| freedify | Memory | 100Mi | 100Mi | 116Mi | 100Mi | 256Mi | 512Mi | + +### freshrss + +**Deployment: `freshrss`** (VPA: `goldilocks-freshrss`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| freshrss | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| freshrss | Memory | 100Mi | 100Mi | 116Mi | 100Mi | N/A | N/A | + +### frigate + +**Deployment: `frigate`** (VPA: `goldilocks-frigate`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| frigate | CPU | 1.2 | 1.0 | 1.8 | 1.2 | N/A | N/A | +| frigate | Memory | 5.15Gi | 4.42Gi | 6.65Gi | 5.15Gi | N/A | N/A | + +### hackmd + +**Deployment: `hackmd`** (VPA: `goldilocks-hackmd`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| codimd | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| codimd | Memory | 138Mi | 138Mi | 181Mi | 138Mi | N/A | N/A | + +### headscale + +**Deployment: `headscale`** (VPA: `goldilocks-headscale`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| headscale | CPU | 11m | 10m | 29m | 11m | 50m | 200m | +| headscale | Memory | 105Mi | 89Mi | 136Mi | 105Mi | 64Mi | 256Mi | +| headscale-ui | CPU | 11m | 10m | 14m | 11m | 25m | 100m | +| headscale-ui | Memory | 75Mi | 75Mi | 97Mi | 75Mi | 32Mi | 128Mi | + +### health + +**Deployment: `health`** (VPA: `goldilocks-health`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| health | CPU | 15m | 15m | 15m | 15m | 100m | 1.0 | +| health | Memory | 175Mi | 174Mi | 226Mi | 175Mi | 256Mi | 1.00Gi | + +### homepage + +**Deployment: `homepage`** (VPA: `goldilocks-homepage`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| homepage | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| homepage | Memory | 121Mi | 105Mi | 156Mi | 121Mi | N/A | N/A | + +### immich + +**Deployment: `immich-frame`** (VPA: `goldilocks-immich-frame`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| immich-frame | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| immich-frame | Memory | 121Mi | 121Mi | 158Mi | 121Mi | N/A | N/A | + +**Deployment: `immich-machine-learning`** (VPA: `goldilocks-immich-machine-learning`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| immich-machine-learning | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| immich-machine-learning | Memory | 2.24Gi | 1.37Gi | 2.90Gi | 2.24Gi | N/A | N/A | + +**Deployment: `immich-postgresql`** (VPA: `goldilocks-immich-postgresql`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| immich-postgresql | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| immich-postgresql | Memory | 776Mi | 362Mi | 1.27Gi | 776Mi | N/A | N/A | + +**Deployment: `immich-server`** (VPA: `goldilocks-immich-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| immich-server | CPU | 920m | 15m | 1.2 | 920m | N/A | N/A | +| immich-server | Memory | 991Mi | 825Mi | 1.27Gi | 991Mi | N/A | N/A | + +**CronJob: `postgresql-backup`** (VPA: `goldilocks-postgresql-backup`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### isponsorblocktv + +**Deployment: `isponsorblocktv-vermont`** (VPA: `goldilocks-isponsorblocktv-vermont`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| isponsorblocktv-vermont | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| isponsorblocktv-vermont | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### jsoncrack + +**Deployment: `jsoncrack`** (VPA: `goldilocks-jsoncrack`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| jsoncrack | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| jsoncrack | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### k8s-portal + +**Deployment: `k8s-portal`** (VPA: `goldilocks-k8s-portal`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| portal | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| portal | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### kms + +**Deployment: `kms`** (VPA: `goldilocks-kms`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| windows-kms | CPU | 15m | 15m | 15m | 15m | 1.0 | 1.0 | +| windows-kms | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 50Mi | 512Mi | + +**Deployment: `kms-web-page`** (VPA: `goldilocks-kms-web-page`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kms-web-page | CPU | 15m | 15m | 15m | 15m | 500m | 500m | +| kms-web-page | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 512Mi | 512Mi | + +### kube-system + +**Deployment: `coredns`** (VPA: `goldilocks-coredns`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| coredns | CPU | 15m | 15m | 15m | 15m | 100m | N/A | +| coredns | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 70Mi | 170Mi | + +**DaemonSet: `kube-proxy`** (VPA: `goldilocks-kube-proxy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kube-proxy | CPU | 23m | 15m | 43m | 23m | N/A | N/A | +| kube-proxy | Memory | 105Mi | 100Mi | 132Mi | 105Mi | N/A | N/A | + +### kured + +**DaemonSet: `kured`** (VPA: `goldilocks-kured`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kured | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| kured | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### kyverno + +**Deployment: `kyverno-admission-controller`** (VPA: `goldilocks-kyverno-admission-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kyverno | CPU | 23m | 15m | 43m | 23m | 100m | N/A | +| kyverno | Memory | 215Mi | 105Mi | 270Mi | 215Mi | 128Mi | 768Mi | + +**Deployment: `kyverno-background-controller`** (VPA: `goldilocks-kyverno-background-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| controller | CPU | 15m | 15m | 15m | 15m | 100m | N/A | +| controller | Memory | 156Mi | 121Mi | 202Mi | 156Mi | 64Mi | 128Mi | + +**Deployment: `kyverno-cleanup-controller`** (VPA: `goldilocks-kyverno-cleanup-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| controller | CPU | 23m | 15m | 29m | 23m | 100m | N/A | +| controller | Memory | 138Mi | 100Mi | 179Mi | 138Mi | 64Mi | 128Mi | + +**Job: `kyverno-migrate-resources`** (VPA: `goldilocks-kyverno-migrate-resources`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kubectl | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| kubectl | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `kyverno-reports-controller`** (VPA: `goldilocks-kyverno-reports-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| controller | CPU | 63m | 15m | 163m | 63m | 100m | N/A | +| controller | Memory | 156Mi | 100Mi | 202Mi | 156Mi | 64Mi | 128Mi | + +### linkwarden + +**Deployment: `linkwarden`** (VPA: `goldilocks-linkwarden`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| linkwarden | CPU | 15m | 15m | 45m | 15m | N/A | N/A | +| linkwarden | Memory | 878Mi | 776Mi | 1.11Gi | 878Mi | N/A | N/A | + +### local-path-storage + +**Deployment: `local-path-provisioner`** (VPA: `goldilocks-local-path-provisioner`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| local-path-provisioner | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| local-path-provisioner | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### mailserver + +**Deployment: `mailserver`** (VPA: `goldilocks-mailserver`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| docker-mailserver | CPU | 23m | 10m | 45m | 23m | N/A | N/A | +| docker-mailserver | Memory | 309Mi | 215Mi | 399Mi | 309Mi | N/A | N/A | +| dovecot-exporter | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| dovecot-exporter | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | + +**Deployment: `roundcubemail`** (VPA: `goldilocks-roundcubemail`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| roundcube | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| roundcube | Memory | 105Mi | 100Mi | 135Mi | 105Mi | N/A | N/A | + +### matrix + +**Deployment: `matrix`** (VPA: `goldilocks-matrix`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### meshcentral + +**Deployment: `meshcentral`** (VPA: `goldilocks-meshcentral`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| meshcentral | CPU | 15m | 15m | 15m | 15m | 25m | 500m | +| meshcentral | Memory | 259Mi | 215Mi | 367Mi | 259Mi | 128Mi | 384Mi | + +### metallb-system + +**Deployment: `controller`** (VPA: `goldilocks-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| controller | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| controller | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `speaker`** (VPA: `goldilocks-speaker`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| speaker | CPU | 23m | 15m | 28m | 23m | N/A | N/A | +| speaker | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### metrics-server + +**Deployment: `metrics-server`** (VPA: `goldilocks-metrics-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| metrics-server | CPU | 15m | 15m | 15m | 15m | 100m | N/A | +| metrics-server | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 200Mi | N/A | + +### monitoring + +**DaemonSet: `alloy`** (VPA: `goldilocks-alloy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| alloy | CPU | 296m | 48m | 372m | 296m | N/A | N/A | +| alloy | Memory | 561Mi | 237Mi | 705Mi | 561Mi | N/A | N/A | +| config-reloader | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| config-reloader | Memory | 61Mi | 50Mi | 76Mi | 61Mi | N/A | N/A | + +**DaemonSet: `caretta`** (VPA: `goldilocks-caretta`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| caretta | CPU | 15m | 15m | 45m | 15m | N/A | N/A | +| caretta | Memory | 422Mi | 391Mi | 899Mi | 422Mi | N/A | N/A | + +**Deployment: `goflow2`** (VPA: `goldilocks-goflow2`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| goflow2 | CPU | 23m | 15m | 87m | 23m | 50m | 200m | +| goflow2 | Memory | 100Mi | 100Mi | 118Mi | 100Mi | 64Mi | 256Mi | + +**Deployment: `grafana`** (VPA: `goldilocks-grafana`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| grafana | CPU | 35m | 22m | 43m | 35m | 50m | 500m | +| grafana | Memory | 215Mi | 138Mi | 298Mi | 215Mi | 128Mi | 512Mi | +| grafana-sc-dashboard | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| grafana-sc-dashboard | Memory | 105Mi | 89Mi | 132Mi | 105Mi | N/A | N/A | +| grafana-sc-datasources | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| grafana-sc-datasources | Memory | 89Mi | 89Mi | 132Mi | 89Mi | N/A | N/A | + +**Deployment: `idrac-redfish-exporter`** (VPA: `goldilocks-idrac-redfish-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| redfish-exporter | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| redfish-exporter | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**StatefulSet: `loki`** (VPA: `goldilocks-loki`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| loki | CPU | 476m | 62m | 660m | 476m | 250m | 1.0 | +| loki | Memory | 3.08Gi | 1.91Gi | 3.98Gi | 3.08Gi | 4.00Gi | 6.00Gi | +| loki-sc-rules | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| loki-sc-rules | Memory | 121Mi | 121Mi | 156Mi | 121Mi | N/A | N/A | + +**DaemonSet: `loki-canary`** (VPA: `goldilocks-loki-canary`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| loki-canary | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| loki-canary | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**StatefulSet: `prometheus-alertmanager`** (VPA: `goldilocks-prometheus-alertmanager`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| alertmanager | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| alertmanager | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `prometheus-kube-state-metrics`** (VPA: `goldilocks-prometheus-kube-state-metrics`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kube-state-metrics | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| kube-state-metrics | Memory | 156Mi | 100Mi | 201Mi | 156Mi | N/A | N/A | + +**DaemonSet: `prometheus-prometheus-node-exporter`** (VPA: `goldilocks-prometheus-prometheus-node-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| node-exporter | CPU | 23m | 15m | 28m | 23m | N/A | N/A | +| node-exporter | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `prometheus-prometheus-pushgateway`** (VPA: `goldilocks-prometheus-prometheus-pushgateway`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| pushgateway | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| pushgateway | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `prometheus-server`** (VPA: `goldilocks-prometheus-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| prometheus-server | CPU | 93m | 34m | 163m | 93m | N/A | N/A | +| prometheus-server | Memory | 4.20Gi | 4.19Gi | 5.43Gi | 4.20Gi | N/A | N/A | +| prometheus-server-configmap-reload | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| prometheus-server-configmap-reload | Memory | 61Mi | 61Mi | 78Mi | 61Mi | N/A | N/A | + +**Deployment: `proxmox-exporter`** (VPA: `goldilocks-proxmox-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| proxmox-exporter | CPU | 35m | 15m | 45m | 35m | N/A | N/A | +| proxmox-exporter | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `snmp-exporter`** (VPA: `goldilocks-snmp-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| snmp-exporter | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| snmp-exporter | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `sysctl-inotify`** (VPA: `goldilocks-sysctl-inotify`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| pause | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| pause | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### mysql-operator + +**Deployment: `mysql-operator`** (VPA: `goldilocks-mysql-operator`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| mysql-operator | CPU | 35m | 15m | 147m | 35m | N/A | N/A | +| mysql-operator | Memory | 309Mi | 307Mi | 926Mi | 309Mi | N/A | N/A | + +### n8n + +**Deployment: `n8n`** (VPA: `goldilocks-n8n`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| n8n | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| n8n | Memory | 641Mi | 422Mi | 830Mi | 641Mi | N/A | N/A | + +### navidrome + +**Deployment: `navidrome`** (VPA: `goldilocks-navidrome`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| navidrome | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| navidrome | Memory | 156Mi | 100Mi | 202Mi | 156Mi | N/A | N/A | + +### netbox + +**Deployment: `netbox`** (VPA: `goldilocks-netbox`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| netbox | CPU | 203m | 15m | 383m | 203m | 25m | 1.0 | +| netbox | Memory | 641Mi | 560Mi | 829Mi | 641Mi | 64Mi | 512Mi | + +### networking-toolbox + +**Deployment: `networking-toolbox`** (VPA: `goldilocks-networking-toolbox`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| networking-toolbox | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| networking-toolbox | Memory | 105Mi | 100Mi | 152Mi | 105Mi | N/A | N/A | + +### nextcloud + +**Deployment: `nextcloud`** (VPA: `goldilocks-nextcloud`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nextcloud | CPU | 2.4 | 34m | 3.1 | 2.4 | 100m | 16.0 | +| nextcloud | Memory | 5.70Gi | 1.37Gi | 7.39Gi | 5.70Gi | 1.00Gi | 6.00Gi | +| nextcloud-cron | CPU | 11m | 10m | 101m | 11m | N/A | N/A | +| nextcloud-cron | Memory | 121Mi | 61Mi | 157Mi | 121Mi | N/A | N/A | + +**CronJob: `nextcloud-backup`** (VPA: `goldilocks-nextcloud-backup`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**Deployment: `whiteboard`** (VPA: `goldilocks-whiteboard`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| whiteboard | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| whiteboard | Memory | 156Mi | 156Mi | 201Mi | 156Mi | N/A | N/A | + +### ntfy + +**Deployment: `ntfy`** (VPA: `goldilocks-ntfy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| ntfy | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| ntfy | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### nvidia + +**DaemonSet: `gpu-feature-discovery`** (VPA: `goldilocks-gpu-feature-discovery`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| config-manager | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| config-manager | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | +| gpu-feature-discovery | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| gpu-feature-discovery | Memory | 89Mi | 89Mi | 115Mi | 89Mi | N/A | N/A | + +**Deployment: `gpu-operator`** (VPA: `goldilocks-gpu-operator`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| gpu-operator | CPU | 23m | 22m | 45m | 23m | 200m | 500m | +| gpu-operator | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 100Mi | 350Mi | + +**DaemonSet: `gpu-pod-exporter`** (VPA: `goldilocks-gpu-pod-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| exporter | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| exporter | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `nvidia-container-toolkit-daemonset`** (VPA: `goldilocks-nvidia-container-toolkit-daemonset`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nvidia-container-toolkit-ctr | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| nvidia-container-toolkit-ctr | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `nvidia-dcgm-exporter`** (VPA: `goldilocks-nvidia-dcgm-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nvidia-dcgm-exporter | CPU | 23m | 22m | 29m | 23m | N/A | N/A | +| nvidia-dcgm-exporter | Memory | 641Mi | 640Mi | 828Mi | 641Mi | N/A | N/A | + +**DaemonSet: `nvidia-device-plugin-daemonset`** (VPA: `goldilocks-nvidia-device-plugin-daemonset`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| config-manager | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| config-manager | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | +| nvidia-device-plugin | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| nvidia-device-plugin | Memory | 50Mi | 50Mi | 61Mi | 50Mi | N/A | N/A | + +**DaemonSet: `nvidia-driver-daemonset`** (VPA: `goldilocks-nvidia-driver-daemonset`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nvidia-driver-ctr | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| nvidia-driver-ctr | Memory | 1.37Gi | 1.37Gi | 1.77Gi | 1.37Gi | N/A | N/A | + +**Deployment: `nvidia-exporter`** (VPA: `goldilocks-nvidia-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nvidia-exporter | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| nvidia-exporter | Memory | 175Mi | 121Mi | 226Mi | 175Mi | N/A | N/A | + +**Deployment: `nvidia-gpu-operator-node-feature-discovery-gc`** (VPA: `goldilocks-nvidia-gpu-operator-node-feature-discovery-gc`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| gc | CPU | 15m | 15m | 15m | 15m | 10m | N/A | +| gc | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 128Mi | 1.00Gi | + +**Deployment: `nvidia-gpu-operator-node-feature-discovery-master`** (VPA: `goldilocks-nvidia-gpu-operator-node-feature-discovery-master`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| master | CPU | 15m | 15m | 15m | 15m | 100m | N/A | +| master | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 128Mi | 4.00Gi | + +**DaemonSet: `nvidia-gpu-operator-node-feature-discovery-worker`** (VPA: `goldilocks-nvidia-gpu-operator-node-feature-discovery-worker`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| worker | CPU | 15m | 15m | 28m | 15m | N/A | N/A | +| worker | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `nvidia-operator-validator`** (VPA: `goldilocks-nvidia-operator-validator`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nvidia-operator-validator | CPU | 15m | 15m | 33m | 15m | N/A | N/A | +| nvidia-operator-validator | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### ollama + +**Deployment: `ollama`** (VPA: `goldilocks-ollama`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| ollama | CPU | 15m | 15m | 15m | 15m | 500m | 4.0 | +| ollama | Memory | 259Mi | 100Mi | 335Mi | 259Mi | 4.00Gi | 12.00Gi | + +**Deployment: `ollama-ui`** (VPA: `goldilocks-ollama-ui`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| ollama-ui | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| ollama-ui | Memory | 1.15Gi | 1.15Gi | 1.49Gi | 1.15Gi | N/A | N/A | + +### onlyoffice + +**Deployment: `onlyoffice-document-server`** (VPA: `goldilocks-onlyoffice-document-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| onlyoffice-document-server | CPU | 35m | 15m | 45m | 35m | 250m | 8.0 | +| onlyoffice-document-server | Memory | 1.29Gi | 1.22Gi | 2.10Gi | 1.29Gi | 512Mi | 4.00Gi | + +### openclaw + +**CronJob: `cluster-healthcheck`** (VPA: `goldilocks-cluster-healthcheck`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| healthcheck | CPU | 35m | 15m | 5.1 | 35m | N/A | N/A | +| healthcheck | Memory | 100Mi | 100Mi | 10.56Gi | 100Mi | N/A | N/A | + +**Deployment: `openclaw`** (VPA: `goldilocks-openclaw`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| modelrelay | CPU | 11m | 10m | 99m | 11m | 25m | 500m | +| modelrelay | Memory | 89Mi | 73Mi | 1.22Gi | 89Mi | 64Mi | 256Mi | +| openclaw | CPU | 109m | 10m | 385m | 109m | 100m | 2.0 | +| openclaw | Memory | 1.53Gi | 990Mi | 2.11Gi | 1.53Gi | 512Mi | 2.00Gi | + +### osm-routing + +**Deployment: `osrm-bicycle`** (VPA: `goldilocks-osrm-bicycle`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| osrm-bicycle | CPU | 15m | 15m | 15m | 15m | 15m | 250m | +| osrm-bicycle | Memory | 454Mi | 454Mi | 679Mi | 454Mi | 512Mi | 1.00Gi | + +**Deployment: `osrm-foot`** (VPA: `goldilocks-osrm-foot`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| osrm-foot | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| osrm-foot | Memory | 454Mi | 422Mi | 590Mi | 454Mi | N/A | N/A | + +**Deployment: `otp`** (VPA: `goldilocks-otp`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### owntracks + +**Deployment: `owntracks`** (VPA: `goldilocks-owntracks`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| owntracks | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| owntracks | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### paperless-ngx + +**Deployment: `paperless-ngx`** (VPA: `goldilocks-paperless-ngx`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| paperless-ngx | CPU | 35m | 15m | 389m | 35m | 100m | 2.0 | +| paperless-ngx | Memory | 1.22Gi | 121Mi | 1.70Gi | 1.22Gi | 256Mi | 1.00Gi | + +### plotting-book + +**Deployment: `plotting-book`** (VPA: `goldilocks-plotting-book`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| plotting-book | CPU | 15m | 15m | 15m | 15m | 50m | 500m | +| plotting-book | Memory | 100Mi | 100Mi | 115Mi | 100Mi | 128Mi | 512Mi | + +### poison-fountain + +**Deployment: `poison-fountain`** (VPA: `goldilocks-poison-fountain`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| poison-fountain | CPU | 15m | 15m | 15m | 15m | 10m | 100m | +| poison-fountain | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 32Mi | 128Mi | + +**CronJob: `poison-fountain-fetcher`** (VPA: `goldilocks-poison-fountain-fetcher`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### privatebin + +**Deployment: `privatebin`** (VPA: `goldilocks-privatebin`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| privatebin | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| privatebin | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### realestate-crawler + +**Deployment: `realestate-crawler-api`** (VPA: `goldilocks-realestate-crawler-api`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| realestate-crawler-api | CPU | 15m | 15m | 15m | 15m | 50m | 2.0 | +| realestate-crawler-api | Memory | 175Mi | 156Mi | 244Mi | 175Mi | 128Mi | 1.00Gi | + +**Deployment: `realestate-crawler-celery`** (VPA: `goldilocks-realestate-crawler-celery`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| celery-worker | CPU | 15m | 15m | 15m | 15m | 100m | 2.0 | +| celery-worker | Memory | 933Mi | 728Mi | 2.76Gi | 933Mi | 512Mi | 2.00Gi | + +**Deployment: `realestate-crawler-celery-beat`** (VPA: `goldilocks-realestate-crawler-celery-beat`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| celery-beat | CPU | 15m | 15m | 15m | 15m | 10m | 200m | +| celery-beat | Memory | 175Mi | 174Mi | 226Mi | 175Mi | 64Mi | 256Mi | + +**Deployment: `realestate-crawler-ui`** (VPA: `goldilocks-realestate-crawler-ui`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| realestate-crawler-ui | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| realestate-crawler-ui | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### redis + +**CronJob: `redis-backup`** (VPA: `goldilocks-redis-backup`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**StatefulSet: `redis-node`** (VPA: `goldilocks-redis-node`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| redis | CPU | 410m | 48m | 900m | 410m | 50m | 500m | +| redis | Memory | 61Mi | 50Mi | 123Mi | 61Mi | 64Mi | 256Mi | +| sentinel | CPU | 35m | 34m | 71m | 35m | 50m | 200m | +| sentinel | Memory | 50Mi | 50Mi | 70Mi | 50Mi | 64Mi | 128Mi | + +### reloader + +**Deployment: `reloader-reloader`** (VPA: `goldilocks-reloader-reloader`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### resume + +**Deployment: `printer`** (VPA: `goldilocks-printer`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| printer | CPU | 15m | 15m | 15m | 15m | 50m | 1.0 | +| printer | Memory | 1.29Gi | 392Mi | 1.67Gi | 1.29Gi | 128Mi | 512Mi | + +**Deployment: `resume`** (VPA: `goldilocks-resume`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| resume | CPU | 15m | 15m | 15m | 15m | 25m | 500m | +| resume | Memory | 215Mi | 156Mi | 279Mi | 215Mi | 128Mi | 384Mi | + +### rybbit + +**Deployment: `clickhouse`** (VPA: `goldilocks-clickhouse`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| clickhouse | CPU | 1.2 | 1.0 | 1.6 | 1.2 | 100m | 2.0 | +| clickhouse | Memory | 1.91Gi | 1.22Gi | 2.47Gi | 1.91Gi | 512Mi | 4.00Gi | + +**Deployment: `rybbit`** (VPA: `goldilocks-rybbit`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| rybbit | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| rybbit | Memory | 309Mi | 215Mi | 400Mi | 309Mi | N/A | N/A | + +**Deployment: `rybbit-client`** (VPA: `goldilocks-rybbit-client`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| rybbit-client | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| rybbit-client | Memory | 175Mi | 174Mi | 226Mi | 175Mi | N/A | N/A | + +### send + +**Deployment: `send`** (VPA: `goldilocks-send`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| send | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| send | Memory | 100Mi | 100Mi | 116Mi | 100Mi | N/A | N/A | + +### servarr + +**Deployment: `flaresolverr`** (VPA: `goldilocks-flaresolverr`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| flaresolverr | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| flaresolverr | Memory | 641Mi | 308Mi | 830Mi | 641Mi | N/A | N/A | + +**Deployment: `listenarr`** (VPA: `goldilocks-listenarr`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| listenarr | CPU | 15m | 15m | 15m | 15m | 25m | 1.0 | +| listenarr | Memory | 729Mi | 523Mi | 944Mi | 729Mi | 256Mi | 1.00Gi | + +**Deployment: `prowlarr`** (VPA: `goldilocks-prowlarr`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| prowlarr | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| prowlarr | Memory | 259Mi | 259Mi | 336Mi | 259Mi | N/A | N/A | + +**Deployment: `qbittorrent`** (VPA: `goldilocks-qbittorrent`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| qbittorrent | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| qbittorrent | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### shadowsocks + +**Deployment: `shadowsocks`** (VPA: `goldilocks-shadowsocks`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| shadowsocks | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| shadowsocks | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### speedtest + +**Deployment: `speedtest`** (VPA: `goldilocks-speedtest`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| speedtest | CPU | 182m | 22m | 418m | 182m | 50m | 500m | +| speedtest | Memory | 309Mi | 259Mi | 547Mi | 309Mi | 128Mi | 512Mi | + +### stirling-pdf + +**Deployment: `stirling-pdf`** (VPA: `goldilocks-stirling-pdf`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| stirling-pdf | CPU | 15m | 15m | 29m | 15m | 100m | 2.0 | +| stirling-pdf | Memory | 1.09Gi | 728Mi | 1.41Gi | 1.09Gi | 256Mi | 1.00Gi | + +### tandoor + +**Deployment: `tandoor`** (VPA: `goldilocks-tandoor`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| recipes | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| recipes | Memory | 991Mi | 308Mi | 1.25Gi | 991Mi | N/A | N/A | + +### technitium + +**Deployment: `technitium`** (VPA: `goldilocks-technitium`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| technitium | CPU | 15m | 15m | 15m | 15m | 100m | 500m | +| technitium | Memory | 283Mi | 259Mi | 367Mi | 283Mi | 128Mi | 512Mi | + +**Deployment: `technitium-secondary`** (VPA: `goldilocks-technitium-secondary`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| technitium | CPU | 15m | 15m | 49m | 15m | 100m | 500m | +| technitium | Memory | 175Mi | 104Mi | 376Mi | 175Mi | 128Mi | 512Mi | + +**Job: `technitium-secondary-setup`** (VPA: `goldilocks-technitium-secondary-setup`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| setup | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| setup | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### tigera-operator + +**Deployment: `tigera-operator`** (VPA: `goldilocks-tigera-operator`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| tigera-operator | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| tigera-operator | Memory | 175Mi | 174Mi | 226Mi | 175Mi | N/A | N/A | + +### tor-proxy + +**Deployment: `tor-proxy`** (VPA: `goldilocks-tor-proxy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| tor-proxy | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| tor-proxy | Memory | 121Mi | 100Mi | 157Mi | 121Mi | N/A | N/A | + +### trading-bot + +**Job: `trading-bot-db-init`** (VPA: `goldilocks-trading-bot-db-init`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| db-init | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| db-init | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `trading-bot-frontend`** (VPA: `goldilocks-trading-bot-frontend`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| api-gateway | CPU | 11m | 10m | 23m | 11m | 50m | 1.0 | +| api-gateway | Memory | 237Mi | 194Mi | 511Mi | 237Mi | 128Mi | 512Mi | +| dashboard | CPU | 11m | 10m | 14m | 11m | 10m | 200m | +| dashboard | Memory | 50Mi | 50Mi | 50Mi | 50Mi | 32Mi | 128Mi | + +**Job: `trading-bot-migrations`** (VPA: `goldilocks-trading-bot-migrations`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| migrations | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| migrations | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `trading-bot-workers`** (VPA: `goldilocks-trading-bot-workers`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| learning-engine | CPU | 11m | 10m | 14m | 11m | 10m | 500m | +| learning-engine | Memory | 89Mi | 89Mi | 116Mi | 89Mi | 64Mi | 256Mi | +| market-data | CPU | 11m | 10m | 14m | 11m | 10m | 500m | +| market-data | Memory | 138Mi | 105Mi | 180Mi | 138Mi | 64Mi | 256Mi | +| news-fetcher | CPU | 11m | 10m | 14m | 11m | 10m | 500m | +| news-fetcher | Memory | 105Mi | 75Mi | 137Mi | 105Mi | 64Mi | 256Mi | +| sentiment-analyzer | CPU | 11m | 10m | 14m | 11m | 100m | 2.0 | +| sentiment-analyzer | Memory | 1.81Gi | 1.71Gi | 2.35Gi | 1.81Gi | 512Mi | 2.00Gi | +| signal-generator | CPU | 11m | 10m | 14m | 11m | 10m | 500m | +| signal-generator | Memory | 175Mi | 89Mi | 228Mi | 175Mi | 64Mi | 256Mi | +| trade-executor | CPU | 11m | 10m | 14m | 11m | 10m | 500m | +| trade-executor | Memory | 138Mi | 138Mi | 180Mi | 138Mi | 64Mi | 256Mi | + +### traefik + +**Deployment: `auth-proxy`** (VPA: `goldilocks-auth-proxy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nginx | CPU | 15m | 15m | 64m | 15m | 5m | 50m | +| nginx | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 16Mi | 32Mi | + +**Deployment: `bot-block-proxy`** (VPA: `goldilocks-bot-block-proxy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nginx | CPU | 15m | 15m | 63m | 15m | 5m | 50m | +| nginx | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 16Mi | 32Mi | + +**Deployment: `traefik`** (VPA: `goldilocks-traefik`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| traefik | CPU | 49m | 15m | 98m | 49m | 100m | N/A | +| traefik | Memory | 194Mi | 105Mi | 298Mi | 194Mi | 128Mi | N/A | + +### travel-blog + +**Deployment: `travel-blog`** (VPA: `goldilocks-travel-blog`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| travel-blog | CPU | 15m | 15m | 15m | 15m | 250m | 500m | +| travel-blog | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 50Mi | 512Mi | + +### tuya-bridge + +**Deployment: `tuya-bridge`** (VPA: `goldilocks-tuya-bridge`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| tuya-bridge | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| tuya-bridge | Memory | 156Mi | 138Mi | 196Mi | 156Mi | N/A | N/A | + +### uptime-kuma + +**Deployment: `uptime-kuma`** (VPA: `goldilocks-uptime-kuma`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| uptime-kuma | CPU | 49m | 34m | 82m | 49m | 50m | 200m | +| uptime-kuma | Memory | 237Mi | 121Mi | 341Mi | 237Mi | 64Mi | 256Mi | + +### url + +**Deployment: `shlink`** (VPA: `goldilocks-shlink`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| shlink | CPU | 15m | 15m | 15m | 15m | 25m | N/A | +| shlink | Memory | 454Mi | 422Mi | 597Mi | 454Mi | 128Mi | 512Mi | + +**Deployment: `shlink-web`** (VPA: `goldilocks-shlink-web`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| shlink-web | CPU | 15m | 15m | 15m | 15m | 250m | 500m | +| shlink-web | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 50Mi | 512Mi | + +### vaultwarden + +**Deployment: `vaultwarden`** (VPA: `goldilocks-vaultwarden`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| vaultwarden | CPU | 15m | 15m | 15m | 15m | 50m | 200m | +| vaultwarden | Memory | 105Mi | 105Mi | 156Mi | 105Mi | 64Mi | 256Mi | + +### vpa + +**Deployment: `goldilocks-controller`** (VPA: `goldilocks-goldilocks-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| goldilocks | CPU | 63m | 15m | 141m | 63m | 25m | N/A | +| goldilocks | Memory | 105Mi | 100Mi | 135Mi | 105Mi | 256Mi | N/A | + +**Deployment: `goldilocks-dashboard`** (VPA: `goldilocks-goldilocks-dashboard`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| goldilocks | CPU | 15m | 15m | 15m | 15m | 25m | N/A | +| goldilocks | Memory | 100Mi | 100Mi | 135Mi | 100Mi | 256Mi | N/A | + +**Job: `vpa-admission-certgen`** (VPA: `goldilocks-vpa-admission-certgen`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**Deployment: `vpa-admission-controller`** (VPA: `goldilocks-vpa-admission-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| vpa | CPU | 15m | 15m | 15m | 15m | 50m | N/A | +| vpa | Memory | 100Mi | 100Mi | 115Mi | 100Mi | 200Mi | N/A | + +**Deployment: `vpa-recommender`** (VPA: `goldilocks-vpa-recommender`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| vpa | CPU | 23m | 22m | 29m | 23m | 50m | N/A | +| vpa | Memory | 121Mi | 121Mi | 156Mi | 121Mi | 500Mi | N/A | + +**Deployment: `vpa-updater`** (VPA: `goldilocks-vpa-updater`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| vpa | CPU | 15m | 15m | 15m | 15m | 50m | N/A | +| vpa | Memory | 105Mi | 100Mi | 135Mi | 105Mi | 500Mi | N/A | + +### wealthfolio + +**Deployment: `wealthfolio`** (VPA: `goldilocks-wealthfolio`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| wealthfolio | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| wealthfolio | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### webhook-handler + +**Deployment: `webhook-handler`** (VPA: `goldilocks-webhook-handler`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| webhook-handler | CPU | 15m | 15m | 15m | 15m | 250m | 500m | +| webhook-handler | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 50Mi | 512Mi | + +### website + +**Deployment: `blog`** (VPA: `goldilocks-blog`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| blog | CPU | 11m | 10m | 13m | 11m | 250m | 500m | +| blog | Memory | 50Mi | 50Mi | 50Mi | 50Mi | 50Mi | 512Mi | +| nginx-exporter | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| nginx-exporter | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | + +### whisper + +**Deployment: `piper`** (VPA: `goldilocks-piper`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| piper | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| piper | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `whisper`** (VPA: `goldilocks-whisper`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| whisper | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| whisper | Memory | 729Mi | 728Mi | 942Mi | 729Mi | N/A | N/A | + +### wireguard + +**Deployment: `wireguard`** (VPA: `goldilocks-wireguard`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| prometheus-exporter | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| prometheus-exporter | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | +| wireguard | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| wireguard | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | + +### woodpecker + +**StatefulSet: `woodpecker-agent`** (VPA: `goldilocks-woodpecker-agent`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| agent | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| agent | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Job: `woodpecker-db-init`** (VPA: `goldilocks-woodpecker-db-init`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| db-init | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| db-init | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**StatefulSet: `woodpecker-server`** (VPA: `goldilocks-woodpecker-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| server | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| server | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### xray + +**Deployment: `xray`** (VPA: `goldilocks-xray`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| xray | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| xray | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### ytdlp + +**Deployment: `yt-highlights`** (VPA: `goldilocks-yt-highlights`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| yt-highlights | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| yt-highlights | Memory | 237Mi | 237Mi | 306Mi | 237Mi | N/A | N/A | + +**Deployment: `ytdlp`** (VPA: `goldilocks-ytdlp`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| ytdlp | CPU | 15m | 15m | 15m | 15m | 25m | 500m | +| ytdlp | Memory | 283Mi | 215Mi | 367Mi | 283Mi | 128Mi | 512Mi | + +--- + +## Namespaces Without VPA Objects + +These namespaces have no Goldilocks VPA objects: + +- `gadget` +- `kube-node-lease` +- `kube-public` +- `reverse-proxy` + +## VPA Objects Without Recommendations + +These VPA objects exist but have no container recommendations (likely insufficient usage data): + +- `actualbudget/goldilocks-bank-sync-anca` +- `actualbudget/goldilocks-bank-sync-emo` +- `actualbudget/goldilocks-bank-sync-viktor` +- `dbaas/goldilocks-mysql-backup` +- `dbaas/goldilocks-postgresql-backup` +- `default/goldilocks-backup-etcd` +- `default/goldilocks-cleanup-failed-pods` +- `default/goldilocks-monitor-prometheus` +- `ebook2audiobook/goldilocks-audiblez` +- `ebook2audiobook/goldilocks-ebook2audiobook` +- `immich/goldilocks-postgresql-backup` +- `matrix/goldilocks-matrix` +- `nextcloud/goldilocks-nextcloud-backup` +- `osm-routing/goldilocks-otp` +- `poison-fountain/goldilocks-poison-fountain-fetcher` +- `redis/goldilocks-redis-backup` +- `reloader/goldilocks-reloader-reloader` +- `vpa/goldilocks-vpa-admission-certgen` diff --git a/.planning/quick/resource-plan.md b/.planning/quick/resource-plan.md new file mode 100644 index 00000000..bb406daa --- /dev/null +++ b/.planning/quick/resource-plan.md @@ -0,0 +1,285 @@ +# Resource Right-Sizing Plan + +## Methodology +- **Conservative**: limits = max(VPA upper bound * 2, current live usage * 2, minimum sane value) +- **Requests**: VPA target or current usage, whichever is higher +- **Floor values**: 10m CPU req, 25m CPU lim, 32Mi mem req, 64Mi mem lim (nothing goes below these) +- **GPU containers**: keep nvidia.com/gpu, add CPU/mem based on VPA data +- **Ollama special case**: remove CPU/mem limits entirely (keep only GPU + minimal requests) + +## Wave 1: CRITICAL FIXES (actively broken) + +### dashy — CPU throttled at 98% (490m/500m), mem needs 2.36Gi +- File: stacks/dashy/main.tf +- VPA target: 15m CPU, 2.36Gi mem | Upper: 15m CPU, 3.23Gi mem +- Live: 490m CPU, 1048Mi mem +- **New**: req 50m/512Mi, lim 2/4Gi + +### stirling-pdf — CPU throttled at 99.7% (299m/300m) +- File: stacks/stirling-pdf/main.tf +- VPA target: 29m CPU, 1.41Gi mem | Upper: 29m CPU, 1.41Gi mem +- Live: 299m CPU, 902Mi mem +- **New**: req 100m/512Mi, lim 2/2Gi + +### MySQL cluster — OOMKilled, 1845Mi with 2Gi limit +- File: stacks/platform/modules/dbaas/main.tf +- Already bumped to 3Gi in previous session, but pods show 512Mi (VPA override legacy) +- VPA target: 2.77Gi | Upper: 6.90Gi +- **New**: top-level resources: req 250m/2Gi, lim 2/4Gi; podSpec.containers mysql: same + +### traefik auth-proxy & bot-block-proxy — VPA says need 100Mi, limit is 32Mi +- File: stacks/platform/modules/traefik/main.tf +- **New**: req 5m/32Mi, lim 50m/128Mi + +## Wave 2: STANDALONE STACKS — containers without explicit resources + +### affine — over-provisioned (2 CPU / 4Gi, uses 4m/174Mi) +- VPA upper: 63m/307Mi +- **New**: req 25m/128Mi, lim 250m/512Mi + +### aiostreams — mem at 215Mi with 768Mi limit, VPA says 641Mi target +- **New**: req 25m/256Mi, lim 500m/1Gi + +### audiobookshelf — no resources, 55Mi usage +- VPA upper: 15m/170Mi +- **New**: req 15m/64Mi, lim 250m/512Mi + +### changedetection — sockpuppetbrowser (Chromium) + changedetection +- changedetection: VPA 15m/100Mi | **New**: req 15m/64Mi, lim 250m/256Mi +- sockpuppetbrowser: Chromium needs more | **New**: req 25m/128Mi, lim 500m/512Mi + +### cyberchef — tiny (8Mi), no resources +- **New**: req 10m/32Mi, lim 100m/128Mi + +### dawarich — Rails app at 438Mi +- VPA upper: 15m/838Mi +- **New**: req 15m/256Mi, lim 250m/1Gi + +### diun — tiny (24Mi) +- **New**: req 10m/32Mi, lim 100m/128Mi + +### echo — 5 replicas, tiny (19-30Mi each) +- **New**: req 10m/32Mi, lim 100m/128Mi + +### excalidraw — tiny (2Mi) +- **New**: req 10m/16Mi, lim 100m/64Mi + +### flaresolverr — Chromium at 148Mi/256Mi (58%) +- VPA upper: 15m/348Mi +- **New**: req 25m/128Mi, lim 500m/512Mi + +### freshrss — 56Mi +- VPA upper: 15m/167Mi +- **New**: req 15m/64Mi, lim 250m/256Mi + +### hackmd — Node.js at 82Mi +- VPA upper: 15m/256Mi +- **New**: req 15m/64Mi, lim 250m/512Mi + +### isponsorblocktv — 42Mi +- **New**: req 10m/32Mi, lim 150m/256Mi + +### linkwarden — Next.js at 682Mi +- VPA upper: 15m/1.04Gi +- **New**: req 25m/256Mi, lim 500m/1.5Gi + +### n8n — workflow automation at 425Mi +- VPA upper: 15m/766Mi +- **New**: req 25m/256Mi, lim 500m/1Gi + +### navidrome — music at 62Mi +- VPA upper: 15m/179Mi +- **New**: req 15m/64Mi, lim 250m/384Mi + +### ntfy — 20Mi +- **New**: req 10m/32Mi, lim 100m/128Mi + +### owntracks — tiny (1Mi) +- **New**: req 10m/16Mi, lim 100m/64Mi + +### privatebin — 46Mi +- **New**: req 10m/32Mi, lim 150m/256Mi + +### send — 53Mi +- **New**: req 10m/32Mi, lim 150m/256Mi + +### shadowsocks — tiny (0Mi) +- **New**: req 10m/16Mi, lim 100m/64Mi + +### tandoor — Django at 754Mi +- VPA upper: 15m/1.14Gi +- **New**: req 25m/256Mi, lim 250m/1.5Gi + +### tor-proxy — 61Mi +- VPA upper: 15m/167Mi +- **New**: req 10m/64Mi, lim 150m/256Mi + +### wealthfolio — tiny (8Mi) +- **New**: req 10m/32Mi, lim 100m/128Mi + +### networking-toolbox — tiny, 3 replicas +- **New**: req 10m/32Mi, lim 100m/128Mi + +### tuya-bridge — IoT bridge, 3 replicas +- VPA upper: 15m/100Mi +- **New**: req 10m/32Mi, lim 150m/256Mi + +### rybbit — Node.js backend at 185Mi +- **New**: req 25m/128Mi, lim 250m/512Mi +### rybbit-client — 89Mi +- **New**: req 10m/64Mi, lim 150m/256Mi + +## Wave 3: PLATFORM MODULES — containers without explicit resources + +### mailserver — docker-mailserver at 183Mi (needs more for ClamAV) +- VPA upper: 15m/317Mi +- **New**: req 25m/128Mi, lim 500m/512Mi +### dovecot-exporter +- **New**: req 10m/16Mi, lim 100m/64Mi + +### cloudflared — 31-59Mi each, 3 replicas +- VPA upper: 15m/110Mi +- **New**: req 15m/32Mi, lim 200m/256Mi + +### pgadmin — 265Mi +- VPA upper: 15m/413Mi +- **New**: req 25m/128Mi, lim 500m/512Mi + +### phpmyadmin — 46Mi +- VPA upper: 15m/100Mi +- **New**: req 15m/32Mi, lim 250m/256Mi + +### crowdsec-web — 46Mi +- **New**: req 15m/32Mi, lim 250m/256Mi + +### xray — 11Mi +- **New**: req 10m/32Mi, lim 100m/128Mi + +### wireguard — tiny (2Mi) +- **New**: req 10m/16Mi, lim 100m/128Mi +### wireguard prometheus-exporter +- **New**: req 10m/16Mi, lim 50m/64Mi + +### k8s-portal — 14Mi +- **New**: req 10m/32Mi, lim 100m/128Mi + +## Wave 4: GPU CONTAINERS — add CPU/mem to GPU-only containers + +### ollama — SPECIAL: remove limits, keep minimal requests + GPU +- **New**: req 100m/256Mi, lim nvidia.com/gpu=1 ONLY (no CPU/mem limits) + +### frigate — highest mem (3835Mi), CPU (860m) +- VPA upper: 1.8 CPU, 6.65Gi mem +- **New**: req 500m/2Gi, lim 4/8Gi + GPU:1 + +### immich-machine-learning — 1215Mi +- VPA upper: 15m/2.90Gi +- **New**: req 100m/1Gi, lim 2/4Gi + GPU:1 + +### immich-server — no resources, 404Mi, VPA 920m CPU +- **New**: req 100m/256Mi, lim 2/2Gi + +### immich-postgresql — no resources, 268Mi +- **New**: req 50m/256Mi, lim 1/1Gi + +### ollama-ui — 658Mi, no resources +- VPA upper: 15m/969Mi +- **New**: req 25m/256Mi, lim 500m/1.5Gi + +### whisper — 628Mi, no resources +- VPA upper: 15m/969Mi +- **New**: req 25m/256Mi, lim 500m/1.5Gi + +### piper — 32Mi +- **New**: req 25m/64Mi, lim 250m/512Mi + +## Wave 5: RIGHT-SIZE OVER-PROVISIONED + +### kms-web-page — uses 0m/10Mi but has 500m/512Mi Guaranteed QoS +- **New**: req 10m/16Mi, lim 50m/64Mi + +### kms (windows) — uses 0m/0Mi but has 1/512Mi +- **New**: req 10m/32Mi, lim 100m/128Mi + +### city-guesser — uses 1m/23Mi but has 250m/500m CPU req +- **New**: req 10m/32Mi, lim 100m/256Mi + +### blog — uses 0m/17Mi but has 250m/500m +- **New**: req 10m/32Mi, lim 100m/256Mi + +### travel-blog — uses 0m/9Mi, has 250m/500m +- **New**: req 10m/32Mi, lim 100m/256Mi + +### webhook-handler — uses 1m/8Mi, has 250m/500m +- **New**: req 10m/32Mi, lim 100m/256Mi + +### coturn — uses 1m/7Mi, has 100m/1 CPU +- **New**: req 10m/32Mi, lim 100m/128Mi + +### health — uses 2m/101Mi, has 100m/1 +- **New**: req 15m/64Mi, lim 250m/256Mi + +### plotting-book — uses 0m/22Mi, has 50m/500m +- **New**: req 10m/32Mi, lim 100m/256Mi + +### resume/printer — uses 3m/109Mi, VPA says 1.29Gi mem (Chromium!) +- **New**: req 25m/128Mi, lim 500m/1.5Gi (Chromium headless) + +### resume — uses 1m/116Mi, has 25m/500m +- **New**: req 15m/64Mi, lim 250m/384Mi + +### openclaw/modelrelay — uses low, VPA upper 1.22Gi mem +- **New**: req 25m/64Mi, lim 500m/512Mi + +### atuin — uses 1m/2Mi +- **New**: req 10m/16Mi, lim 100m/128Mi + +### vaultwarden — uses 1m/49Mi +- **New**: req 10m/32Mi, lim 100m/256Mi + +### f1-stream — uses 7m/53Mi +- **New**: req 25m/64Mi, lim 250m/256Mi + +### speedtest — uses 1m/147Mi, has 25m/500m +- VPA upper: 418m CPU (spikes during tests!) +- **New**: req 25m/128Mi, lim 1/512Mi + +### netbox — uses 1m/480Mi +- VPA upper: 383m CPU, 605Mi mem +- **New**: req 25m/256Mi, lim 500m/1Gi + +### meshcentral — uses 1m/127Mi +- VPA upper: 15m/367Mi +- **New**: req 15m/64Mi, lim 250m/512Mi + +### forgejo — uses 1m/170Mi +- VPA upper: 15m/284Mi +- **New**: req 15m/64Mi, lim 250m/512Mi + +### calibre-web-automated — uses 1m/196Mi +- VPA upper: 63m/829Mi +- **New**: req 25m/256Mi, lim 500m/1Gi + +### paperless-ngx — uses 4m/691Mi, VPA upper 1.70Gi +- **New**: req 50m/512Mi, lim 1/2Gi + +### realestate-crawler-api — uses 2m/133Mi, has 50m/2000m CPU lim +- **New**: req 15m/64Mi, lim 250m/512Mi + +### realestate-crawler-celery-beat — uses 0m/107Mi +- **New**: req 10m/64Mi, lim 100m/256Mi + +### osrm-bicycle — uses 0m/366Mi +- VPA upper: 15m/679Mi +- **New**: req 15m/256Mi, lim 100m/1Gi + +### osrm-foot — no resources, uses 0m/359Mi +- VPA upper similar to bicycle +- **New**: req 15m/256Mi, lim 100m/1Gi + +### freedify — uses 2m/57-68Mi, has 100m/500m +- **New**: req 15m/64Mi, lim 250m/256Mi + +### onlyoffice — uses 3m/1007Mi, has 250m/8 CPU (177x waste on CPU) +- Keep memory at 4Gi (needs it), reduce CPU +- **New**: req 100m/512Mi, lim 2/4Gi diff --git a/docs/plans/2026-03-03-cluster-hardening-design.md b/docs/plans/2026-03-03-cluster-hardening-design.md new file mode 100644 index 00000000..d8625e5c --- /dev/null +++ b/docs/plans/2026-03-03-cluster-hardening-design.md @@ -0,0 +1,73 @@ +# Cluster Hardening Design + +**Date**: 2026-03-03 +**Status**: Approved +**Scope**: Service availability, failure detection, DNS HA + +## Context + +Reliability audit identified gaps in failure detection (most services lack health probes), NFS monitoring (backbone for 70+ services has no dedicated alerting), and DNS high availability (AXFR-based secondary doesn't sync settings/blocklists). + +## Decisions + +- No PDBs for now — revisit when adding more replicas +- No NetworkPolicies in this phase — covered by security observability design +- Replicate only critical infra (DNS); apps stay at 1 replica +- Keep databases on NFS; harden via monitoring, not migration +- Backup/DR items (MinIO, rsync, PBS, runbooks) deferred to a separate effort + +## Items + +### 1. etcd Backup Alerts — DONE + +- `EtcdBackupStale`: fires critical if last successful backup > 36h +- `EtcdBackupNeverSucceeded`: fires critical if backup has never completed +- etcd backup image updated to `registry.k8s.io/etcd:3.6.5-0` (matches cluster) +- Applied 2026-03-03 + +### 2. Liveness & Readiness Probes + +Add HTTP probes to Terraform-managed deployments. Conservative timing to avoid spamming: +- `periodSeconds: 30` +- `failureThreshold: 5` (150s before restart) +- `initialDelaySeconds: 15` +- `timeoutSeconds: 5` + +Use known health endpoints where available, fall back to `GET /` on container port. +Start with tier-0/tier-1 services, then extend to tier-3/tier-4. + +### 3. NFS Health Monitoring + +- **Prometheus alert**: `NFSServerDown` via blackbox exporter TCP probe on `10.0.10.15:2049`, fires critical after 2 minutes +- **Uptime Kuma**: TCP monitor on `10.0.10.15:2049` + +### 4. Technitium DNS Clustering + +Migrate from AXFR zone transfers to Technitium's built-in clustering: + +**Architecture change**: +- Convert primary + secondary Deployments → single StatefulSet with 2 replicas +- Add headless Service for stable pod DNS names +- Separate NFS volumes per replica (existing pattern preserved) + +**Clustering setup**: +- Cluster domain: `dns.viktorbarzin.lan` (permanent) +- Pod-0: primary (`/api/admin/cluster/init`) +- Pod-1: secondary (`/api/admin/cluster/initJoin`) +- HTTPS auto-enabled with self-signed certs (internal only) +- One-shot setup Job after StatefulSet is running + +**What clustering syncs** (vs AXFR which only syncs zone records): +- Zones (via catalog zone — auto-syncs new zones) +- Blocklists and allowed lists +- DNS applications and their configs +- Users, groups, permissions, API tokens +- Settings + +**Requires maintenance window**: brief DNS outage during StatefulSet migration. + +## Implementation Order + +1. NFS health monitoring (low effort, no disruption) +2. Health probes (medium effort, rolling restarts) +3. Technitium clustering (high effort, requires maintenance window) diff --git a/stacks/affine/tiers.tf b/stacks/affine/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/affine/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/audiobookshelf/tiers.tf b/stacks/audiobookshelf/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/audiobookshelf/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/blog/tiers.tf b/stacks/blog/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/blog/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/calibre/tiers.tf b/stacks/calibre/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/calibre/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/changedetection/tiers.tf b/stacks/changedetection/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/changedetection/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/city-guesser/tiers.tf b/stacks/city-guesser/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/city-guesser/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/coturn/tiers.tf b/stacks/coturn/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/coturn/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/cyberchef/tiers.tf b/stacks/cyberchef/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/cyberchef/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/dashy/tiers.tf b/stacks/dashy/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/dashy/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/dawarich/tiers.tf b/stacks/dawarich/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/dawarich/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/descheduler/tiers.tf b/stacks/descheduler/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/descheduler/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/diun/tiers.tf b/stacks/diun/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/diun/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/echo/tiers.tf b/stacks/echo/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/echo/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/excalidraw/tiers.tf b/stacks/excalidraw/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/excalidraw/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/forgejo/tiers.tf b/stacks/forgejo/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/forgejo/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/freedify/tiers.tf b/stacks/freedify/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/freedify/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/freshrss/tiers.tf b/stacks/freshrss/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/freshrss/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/frigate/tiers.tf b/stacks/frigate/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/frigate/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/grampsweb/tiers.tf b/stacks/grampsweb/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/grampsweb/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/hackmd/tiers.tf b/stacks/hackmd/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/hackmd/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/health/tiers.tf b/stacks/health/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/health/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/homepage/tiers.tf b/stacks/homepage/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/homepage/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/immich/tiers.tf b/stacks/immich/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/immich/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/isponsorblocktv/tiers.tf b/stacks/isponsorblocktv/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/isponsorblocktv/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/jsoncrack/tiers.tf b/stacks/jsoncrack/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/jsoncrack/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/k8s-dashboard/tiers.tf b/stacks/k8s-dashboard/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/k8s-dashboard/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/kms/tiers.tf b/stacks/kms/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/kms/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/linkwarden/tiers.tf b/stacks/linkwarden/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/linkwarden/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/matrix/tiers.tf b/stacks/matrix/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/matrix/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/meshcentral/tiers.tf b/stacks/meshcentral/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/meshcentral/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/n8n/tiers.tf b/stacks/n8n/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/n8n/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/navidrome/tiers.tf b/stacks/navidrome/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/navidrome/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/netbox/tiers.tf b/stacks/netbox/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/netbox/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/networking-toolbox/tiers.tf b/stacks/networking-toolbox/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/networking-toolbox/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/ntfy/tiers.tf b/stacks/ntfy/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/ntfy/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/onlyoffice/tiers.tf b/stacks/onlyoffice/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/onlyoffice/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/openclaw/tiers.tf b/stacks/openclaw/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/openclaw/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/owntracks/tiers.tf b/stacks/owntracks/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/owntracks/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/platform/redis-25.3.2.tgz b/stacks/platform/redis-25.3.2.tgz new file mode 100644 index 00000000..4e34e7a1 Binary files /dev/null and b/stacks/platform/redis-25.3.2.tgz differ diff --git a/stacks/privatebin/tiers.tf b/stacks/privatebin/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/privatebin/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/real-estate-crawler/tiers.tf b/stacks/real-estate-crawler/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/real-estate-crawler/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/reloader/tiers.tf b/stacks/reloader/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/reloader/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/resume/tiers.tf b/stacks/resume/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/resume/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/send/tiers.tf b/stacks/send/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/send/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/shadowsocks/tiers.tf b/stacks/shadowsocks/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/shadowsocks/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/speedtest/tiers.tf b/stacks/speedtest/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/speedtest/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/tandoor/tiers.tf b/stacks/tandoor/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/tandoor/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/tor-proxy/tiers.tf b/stacks/tor-proxy/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/tor-proxy/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/travel_blog/tiers.tf b/stacks/travel_blog/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/travel_blog/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/tuya-bridge/tiers.tf b/stacks/tuya-bridge/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/tuya-bridge/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/url/tiers.tf b/stacks/url/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/url/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/wealthfolio/tiers.tf b/stacks/wealthfolio/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/wealthfolio/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/webhook_handler/tiers.tf b/stacks/webhook_handler/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/webhook_handler/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/whisper/tiers.tf b/stacks/whisper/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/whisper/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +}