From 23019da8e5ae5e5cadf63fdd314f797ff00f0194 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sat, 14 Mar 2026 21:46:49 +0000 Subject: [PATCH] equalize memory req=lim across 70+ containers using Prometheus 7d max data After node2 OOM incident, right-size memory across the cluster by setting requests=limits based on max_over_time(container_memory_working_set_bytes[7d]) with 1.3x headroom. Eliminates ~37Gi overcommit gap. Categories: - Safe equalization (50 containers): set req=lim where max7d well within target - Limit increases (8 containers): raise limits for services spiking above current - No Prometheus data (12 containers): conservatively set lim=req - Exception: nextcloud keeps req=256Mi/lim=8Gi due to Apache memory spikes Also increased dbaas namespace quota from 12Gi to 16Gi to accommodate mysql 4Gi limits across 3 replicas. --- stacks/actualbudget/factory/main.tf | 2 +- stacks/freedify/factory/main.tf | 4 +-- stacks/frigate/main.tf | 2 +- stacks/nextcloud/chart_values.yaml | 8 ++++- stacks/novelapp/main.tf | 2 +- stacks/ollama/main.tf | 1 + stacks/platform/modules/authentik/values.yaml | 4 +-- stacks/platform/modules/cloudflared/main.tf | 4 +-- stacks/platform/modules/cnpg/main.tf | 2 +- stacks/platform/modules/crowdsec/main.tf | 4 +-- stacks/platform/modules/dbaas/main.tf | 18 +++++----- stacks/platform/modules/headscale/main.tf | 6 ++-- stacks/platform/modules/iscsi-csi/main.tf | 8 ++--- stacks/platform/modules/k8s-portal/main.tf | 2 +- stacks/platform/modules/kyverno/main.tf | 30 ++++++++++++++-- stacks/platform/modules/mailserver/main.tf | 6 ++-- .../modules/mailserver/roundcubemail.tf | 9 +++++ .../modules/metrics-server/values.yaml | 6 ++++ stacks/platform/modules/monitoring/caretta.tf | 4 +-- stacks/platform/modules/monitoring/goflow2.tf | 4 +-- .../monitoring/grafana_chart_values.yaml | 2 +- .../monitoring/prometheus_chart_values.tpl | 12 +++++++ .../modules/monitoring/pve_exporter.tf | 10 ++++++ .../modules/monitoring/snmp_exporter.tf | 11 ++++++ stacks/platform/modules/nfs-csi/main.tf | 36 ++++++++++++++++--- stacks/platform/modules/nvidia/main.tf | 2 +- stacks/platform/modules/redis/main.tf | 8 ++--- .../platform/modules/sealed-secrets/main.tf | 4 +-- stacks/platform/modules/technitium/ha.tf | 2 +- stacks/platform/modules/technitium/main.tf | 2 +- stacks/platform/modules/traefik/main.tf | 13 ++++--- stacks/platform/modules/vaultwarden/main.tf | 2 +- stacks/platform/modules/vpa/main.tf | 27 ++++++++++++++ stacks/platform/modules/wireguard/main.tf | 8 ++--- stacks/platform/modules/xray/main.tf | 4 +-- stacks/servarr/aiostreams/main.tf | 4 +-- stacks/servarr/flaresolverr/main.tf | 4 +-- stacks/servarr/listenarr/main.tf | 4 +-- stacks/vault/main.tf | 4 +-- 39 files changed, 211 insertions(+), 74 deletions(-) diff --git a/stacks/actualbudget/factory/main.tf b/stacks/actualbudget/factory/main.tf index 2e649cc5..93edaf15 100644 --- a/stacks/actualbudget/factory/main.tf +++ b/stacks/actualbudget/factory/main.tf @@ -152,7 +152,7 @@ resource "kubernetes_deployment" "actualbudget-http-api" { memory = "128Mi" } limits = { - memory = "512Mi" + memory = "128Mi" } } diff --git a/stacks/freedify/factory/main.tf b/stacks/freedify/factory/main.tf index 69e85531..4b760663 100755 --- a/stacks/freedify/factory/main.tf +++ b/stacks/freedify/factory/main.tf @@ -33,7 +33,7 @@ variable "gemini_api_key" { } variable "memory_limit" { type = string - default = "256Mi" + default = "128Mi" } variable "cpu_request" { type = string @@ -41,7 +41,7 @@ variable "cpu_request" { } variable "memory_request" { type = string - default = "64Mi" + default = "128Mi" } variable "extra_annotations" { type = map(string) diff --git a/stacks/frigate/main.tf b/stacks/frigate/main.tf index f142b160..ea0925aa 100644 --- a/stacks/frigate/main.tf +++ b/stacks/frigate/main.tf @@ -86,7 +86,7 @@ resource "kubernetes_deployment" "frigate" { resources { requests = { cpu = "1500m" - memory = "2Gi" + memory = "8Gi" } limits = { memory = "8Gi" diff --git a/stacks/nextcloud/chart_values.yaml b/stacks/nextcloud/chart_values.yaml index 6e9d3606..f8421fb4 100644 --- a/stacks/nextcloud/chart_values.yaml +++ b/stacks/nextcloud/chart_values.yaml @@ -104,10 +104,16 @@ collabora: resources: limits: - memory: 1Gi + memory: 8Gi requests: cpu: 50m memory: 256Mi cronjob: enabled: true + resources: + limits: + memory: 384Mi + requests: + cpu: 25m + memory: 384Mi diff --git a/stacks/novelapp/main.tf b/stacks/novelapp/main.tf index cc8ccc1f..28248a33 100644 --- a/stacks/novelapp/main.tf +++ b/stacks/novelapp/main.tf @@ -105,7 +105,7 @@ resource "kubernetes_deployment" "novelapp" { cpu = "10m" } limits = { - memory = "128Mi" + memory = "64Mi" } } } diff --git a/stacks/ollama/main.tf b/stacks/ollama/main.tf index 6cd07069..e095bd60 100644 --- a/stacks/ollama/main.tf +++ b/stacks/ollama/main.tf @@ -119,6 +119,7 @@ resource "kubernetes_deployment" "ollama" { memory = "256Mi" } limits = { + memory = "256Mi" "nvidia.com/gpu" = "1" } } diff --git a/stacks/platform/modules/authentik/values.yaml b/stacks/platform/modules/authentik/values.yaml index cdcee927..ddd191cd 100644 --- a/stacks/platform/modules/authentik/values.yaml +++ b/stacks/platform/modules/authentik/values.yaml @@ -20,7 +20,7 @@ server: resources: requests: cpu: 100m - memory: 512Mi + memory: 1Gi limits: memory: 1Gi topologySpreadConstraints: @@ -48,7 +48,7 @@ worker: resources: requests: cpu: 100m - memory: 384Mi + memory: 1Gi limits: memory: 1Gi topologySpreadConstraints: diff --git a/stacks/platform/modules/cloudflared/main.tf b/stacks/platform/modules/cloudflared/main.tf index b2e8ce45..8cee6da1 100644 --- a/stacks/platform/modules/cloudflared/main.tf +++ b/stacks/platform/modules/cloudflared/main.tf @@ -73,10 +73,10 @@ resource "kubernetes_deployment" "cloudflared" { resources { requests = { cpu = "15m" - memory = "32Mi" + memory = "128Mi" } limits = { - memory = "256Mi" + memory = "128Mi" } } } diff --git a/stacks/platform/modules/cnpg/main.tf b/stacks/platform/modules/cnpg/main.tf index b2e675de..64a1d730 100644 --- a/stacks/platform/modules/cnpg/main.tf +++ b/stacks/platform/modules/cnpg/main.tf @@ -37,7 +37,7 @@ resource "helm_release" "cnpg" { resources = { requests = { cpu = "100m" - memory = "128Mi" + memory = "256Mi" } limits = { memory = "256Mi" diff --git a/stacks/platform/modules/crowdsec/main.tf b/stacks/platform/modules/crowdsec/main.tf index 6257268b..9141be3a 100644 --- a/stacks/platform/modules/crowdsec/main.tf +++ b/stacks/platform/modules/crowdsec/main.tf @@ -170,10 +170,10 @@ resource "kubernetes_deployment" "crowdsec-web" { resources { requests = { cpu = "15m" - memory = "32Mi" + memory = "128Mi" } limits = { - memory = "256Mi" + memory = "128Mi" } } } diff --git a/stacks/platform/modules/dbaas/main.tf b/stacks/platform/modules/dbaas/main.tf index 0165b502..d69293e4 100644 --- a/stacks/platform/modules/dbaas/main.tf +++ b/stacks/platform/modules/dbaas/main.tf @@ -78,10 +78,10 @@ resource "helm_release" "mysql_operator" { resources = { requests = { cpu = "100m" - memory = "256Mi" + memory = "384Mi" } limits = { - memory = "512Mi" + memory = "384Mi" } } })] @@ -181,10 +181,10 @@ resource "helm_release" "mysql_cluster" { resources = { requests = { cpu = "250m" - memory = "2Gi" + memory = "4Gi" } limits = { - memory = "2Gi" + memory = "4Gi" } } @@ -216,11 +216,11 @@ resource "helm_release" "mysql_cluster" { name = "mysql" resources = { requests = { - memory = "2Gi" + memory = "4Gi" cpu = "250m" } limits = { - memory = "2Gi" + memory = "4Gi" } } }] @@ -546,10 +546,10 @@ resource "kubernetes_deployment" "phpmyadmin" { resources { requests = { cpu = "15m" - memory = "32Mi" + memory = "128Mi" } limits = { - memory = "256Mi" + memory = "128Mi" } } } @@ -977,7 +977,7 @@ resource "kubernetes_deployment" "pgadmin" { resources { requests = { cpu = "25m" - memory = "128Mi" + memory = "512Mi" } limits = { memory = "512Mi" diff --git a/stacks/platform/modules/headscale/main.tf b/stacks/platform/modules/headscale/main.tf index 32454c90..4d5e9dc6 100644 --- a/stacks/platform/modules/headscale/main.tf +++ b/stacks/platform/modules/headscale/main.tf @@ -79,10 +79,10 @@ resource "kubernetes_deployment" "headscale" { resources { requests = { cpu = "50m" - memory = "64Mi" + memory = "128Mi" } limits = { - memory = "256Mi" + memory = "128Mi" } } @@ -163,7 +163,7 @@ resource "kubernetes_deployment" "headscale" { resources { requests = { cpu = "25m" - memory = "32Mi" + memory = "128Mi" } limits = { memory = "128Mi" diff --git a/stacks/platform/modules/iscsi-csi/main.tf b/stacks/platform/modules/iscsi-csi/main.tf index c8e668c7..e991551b 100644 --- a/stacks/platform/modules/iscsi-csi/main.tf +++ b/stacks/platform/modules/iscsi-csi/main.tf @@ -38,8 +38,8 @@ resource "helm_release" "democratic_csi" { replicas = 2 driver = { resources = { - requests = { cpu = "25m", memory = "64Mi" } - limits = { memory = "256Mi" } + requests = { cpu = "25m", memory = "192Mi" } + limits = { memory = "192Mi" } } } } @@ -47,8 +47,8 @@ resource "helm_release" "democratic_csi" { node = { driver = { resources = { - requests = { cpu = "25m", memory = "64Mi" } - limits = { memory = "256Mi" } + requests = { cpu = "25m", memory = "192Mi" } + limits = { memory = "192Mi" } } } diff --git a/stacks/platform/modules/k8s-portal/main.tf b/stacks/platform/modules/k8s-portal/main.tf index 6088b5ab..b1265138 100644 --- a/stacks/platform/modules/k8s-portal/main.tf +++ b/stacks/platform/modules/k8s-portal/main.tf @@ -72,7 +72,7 @@ resource "kubernetes_deployment" "k8s_portal" { resources { requests = { cpu = "10m" - memory = "32Mi" + memory = "128Mi" } limits = { memory = "128Mi" diff --git a/stacks/platform/modules/kyverno/main.tf b/stacks/platform/modules/kyverno/main.tf index 67ca1769..f4ea4b27 100644 --- a/stacks/platform/modules/kyverno/main.tf +++ b/stacks/platform/modules/kyverno/main.tf @@ -30,7 +30,31 @@ resource "helm_release" "kyverno" { reportsController = { resources = { limits = { - memory = "512Mi" + memory = "128Mi" + } + requests = { + cpu = "100m" + memory = "128Mi" + } + } + } + + backgroundController = { + resources = { + limits = { + memory = "384Mi" + } + requests = { + cpu = "100m" + memory = "384Mi" + } + } + } + + cleanupController = { + resources = { + limits = { + memory = "128Mi" } requests = { cpu = "100m" @@ -45,11 +69,11 @@ resource "helm_release" "kyverno" { container = { resources = { limits = { - memory = "768Mi" + memory = "256Mi" } requests = { cpu = "100m" - memory = "128Mi" + memory = "256Mi" } } } diff --git a/stacks/platform/modules/mailserver/main.tf b/stacks/platform/modules/mailserver/main.tf index 39782852..2e9c4b2e 100644 --- a/stacks/platform/modules/mailserver/main.tf +++ b/stacks/platform/modules/mailserver/main.tf @@ -362,7 +362,7 @@ resource "kubernetes_deployment" "mailserver" { resources { requests = { cpu = "25m" - memory = "128Mi" + memory = "512Mi" } limits = { memory = "512Mi" @@ -391,10 +391,10 @@ resource "kubernetes_deployment" "mailserver" { resources { requests = { cpu = "10m" - memory = "16Mi" + memory = "32Mi" } limits = { - memory = "64Mi" + memory = "32Mi" } } } diff --git a/stacks/platform/modules/mailserver/roundcubemail.tf b/stacks/platform/modules/mailserver/roundcubemail.tf index 38957498..5441c287 100644 --- a/stacks/platform/modules/mailserver/roundcubemail.tf +++ b/stacks/platform/modules/mailserver/roundcubemail.tf @@ -155,6 +155,15 @@ resource "kubernetes_deployment" "roundcubemail" { name = "enigma" mount_path = "/var/roundcube/enigma" } + resources { + requests = { + cpu = "25m" + memory = "192Mi" + } + limits = { + memory = "192Mi" + } + } } # volume { diff --git a/stacks/platform/modules/metrics-server/values.yaml b/stacks/platform/modules/metrics-server/values.yaml index 17a83bb4..f46fb34a 100644 --- a/stacks/platform/modules/metrics-server/values.yaml +++ b/stacks/platform/modules/metrics-server/values.yaml @@ -1,2 +1,8 @@ args: - "--kubelet-insecure-tls" +resources: + requests: + cpu: 50m + memory: 200Mi + limits: + memory: 200Mi diff --git a/stacks/platform/modules/monitoring/caretta.tf b/stacks/platform/modules/monitoring/caretta.tf index 015156a8..5f3ca34a 100644 --- a/stacks/platform/modules/monitoring/caretta.tf +++ b/stacks/platform/modules/monitoring/caretta.tf @@ -29,10 +29,10 @@ resource "helm_release" "caretta" { resources = { requests = { cpu = "10m" - memory = "300Mi" + memory = "768Mi" } limits = { - memory = "512Mi" + memory = "768Mi" } } })] diff --git a/stacks/platform/modules/monitoring/goflow2.tf b/stacks/platform/modules/monitoring/goflow2.tf index 8f355df1..1eba5392 100644 --- a/stacks/platform/modules/monitoring/goflow2.tf +++ b/stacks/platform/modules/monitoring/goflow2.tf @@ -40,10 +40,10 @@ resource "kubernetes_deployment" "goflow2" { resources { requests = { cpu = "50m" - memory = "64Mi" + memory = "128Mi" } limits = { - memory = "256Mi" + memory = "128Mi" } } } diff --git a/stacks/platform/modules/monitoring/grafana_chart_values.yaml b/stacks/platform/modules/monitoring/grafana_chart_values.yaml index 1afaad02..44ce866b 100644 --- a/stacks/platform/modules/monitoring/grafana_chart_values.yaml +++ b/stacks/platform/modules/monitoring/grafana_chart_values.yaml @@ -5,7 +5,7 @@ adminPassword: "${grafana_admin_password}" resources: requests: cpu: 50m - memory: 128Mi + memory: 512Mi limits: memory: 512Mi topologySpreadConstraints: diff --git a/stacks/platform/modules/monitoring/prometheus_chart_values.tpl b/stacks/platform/modules/monitoring/prometheus_chart_values.tpl index 9f796c3f..253a4ddd 100755 --- a/stacks/platform/modules/monitoring/prometheus_chart_values.tpl +++ b/stacks/platform/modules/monitoring/prometheus_chart_values.tpl @@ -123,8 +123,20 @@ alertmanager: # web.external-url seems to be hardcoded, edited deployment manually # extraArgs: # web.external-url: "https://prometheus.viktorbarzin.me" + resources: + requests: + cpu: 25m + memory: 256Mi + limits: + memory: 256Mi prometheus-node-exporter: enabled: true + resources: + requests: + cpu: 25m + memory: 100Mi + limits: + memory: 100Mi server: # Enable me to delete metrics extraFlags: diff --git a/stacks/platform/modules/monitoring/pve_exporter.tf b/stacks/platform/modules/monitoring/pve_exporter.tf index ed3504bc..4c103297 100644 --- a/stacks/platform/modules/monitoring/pve_exporter.tf +++ b/stacks/platform/modules/monitoring/pve_exporter.tf @@ -49,6 +49,16 @@ resource "kubernetes_deployment" "pve_exporter" { container_port = 9221 } + resources { + requests = { + cpu = "15m" + memory = "256Mi" + } + limits = { + memory = "256Mi" + } + } + # Mount the file into the container volume_mount { name = "config-volume" diff --git a/stacks/platform/modules/monitoring/snmp_exporter.tf b/stacks/platform/modules/monitoring/snmp_exporter.tf index 530e6bda..07eaf39a 100644 --- a/stacks/platform/modules/monitoring/snmp_exporter.tf +++ b/stacks/platform/modules/monitoring/snmp_exporter.tf @@ -54,6 +54,17 @@ resource "kubernetes_deployment" "snmp-exporter" { image = "prom/snmp-exporter" name = "snmp-exporter" # command = ["/usr/local/bin/redfish_exporter", "--config.file", "/app/config.yml"] + + resources { + requests = { + cpu = "10m" + memory = "256Mi" + } + limits = { + memory = "256Mi" + } + } + port { container_port = 9116 } diff --git a/stacks/platform/modules/nfs-csi/main.tf b/stacks/platform/modules/nfs-csi/main.tf index a7bbe544..962a1fe4 100644 --- a/stacks/platform/modules/nfs-csi/main.tf +++ b/stacks/platform/modules/nfs-csi/main.tf @@ -24,14 +24,42 @@ resource "helm_release" "nfs_csi_driver" { controller = { replicas = 2 resources = { - requests = { cpu = "10m", memory = "32Mi" } - limits = { memory = "128Mi" } + csiProvisioner = { + requests = { cpu = "10m", memory = "128Mi" } + limits = { memory = "128Mi" } + } + csiResizer = { + requests = { cpu = "10m", memory = "128Mi" } + limits = { memory = "128Mi" } + } + csiSnapshotter = { + requests = { cpu = "10m", memory = "128Mi" } + limits = { memory = "128Mi" } + } + nfs = { + requests = { cpu = "10m", memory = "128Mi" } + limits = { memory = "128Mi" } + } + livenessProbe = { + requests = { cpu = "10m", memory = "64Mi" } + limits = { memory = "64Mi" } + } } } node = { resources = { - requests = { cpu = "10m", memory = "32Mi" } - limits = { memory = "128Mi" } + nfs = { + requests = { cpu = "10m", memory = "128Mi" } + limits = { memory = "128Mi" } + } + livenessProbe = { + requests = { cpu = "10m", memory = "64Mi" } + limits = { memory = "64Mi" } + } + nodeDriverRegistrar = { + requests = { cpu = "10m", memory = "64Mi" } + limits = { memory = "64Mi" } + } } } storageClass = { diff --git a/stacks/platform/modules/nvidia/main.tf b/stacks/platform/modules/nvidia/main.tf index b01cef08..0acc37ba 100644 --- a/stacks/platform/modules/nvidia/main.tf +++ b/stacks/platform/modules/nvidia/main.tf @@ -617,7 +617,7 @@ resource "kubernetes_daemonset" "gpu_pod_exporter" { memory = "128Mi" } limits = { - memory = "256Mi" + memory = "128Mi" "nvidia.com/gpu" = "1" } } diff --git a/stacks/platform/modules/redis/main.tf b/stacks/platform/modules/redis/main.tf index 8395c9eb..5f5c5966 100644 --- a/stacks/platform/modules/redis/main.tf +++ b/stacks/platform/modules/redis/main.tf @@ -51,7 +51,7 @@ resource "helm_release" "redis" { memory = "64Mi" } limits = { - memory = "128Mi" + memory = "64Mi" } } } @@ -69,7 +69,7 @@ resource "helm_release" "redis" { memory = "64Mi" } limits = { - memory = "256Mi" + memory = "64Mi" } } } @@ -89,7 +89,7 @@ resource "helm_release" "redis" { memory = "64Mi" } limits = { - memory = "256Mi" + memory = "64Mi" } } } @@ -202,7 +202,7 @@ resource "kubernetes_deployment" "haproxy" { memory = "16Mi" } limits = { - memory = "32Mi" + memory = "16Mi" } } liveness_probe { diff --git a/stacks/platform/modules/sealed-secrets/main.tf b/stacks/platform/modules/sealed-secrets/main.tf index 876bb678..2175e5d8 100644 --- a/stacks/platform/modules/sealed-secrets/main.tf +++ b/stacks/platform/modules/sealed-secrets/main.tf @@ -35,10 +35,10 @@ resource "helm_release" "sealed_secrets" { resources = { requests = { cpu = "50m" - memory = "64Mi" + memory = "192Mi" } limits = { - memory = "256Mi" + memory = "192Mi" } } })] diff --git a/stacks/platform/modules/technitium/ha.tf b/stacks/platform/modules/technitium/ha.tf index 1cab8289..8ad16b95 100644 --- a/stacks/platform/modules/technitium/ha.tf +++ b/stacks/platform/modules/technitium/ha.tf @@ -106,7 +106,7 @@ resource "kubernetes_deployment" "technitium_secondary" { resources { requests = { cpu = "25m" - memory = "128Mi" + memory = "512Mi" } limits = { memory = "512Mi" diff --git a/stacks/platform/modules/technitium/main.tf b/stacks/platform/modules/technitium/main.tf index cd959115..305c7023 100644 --- a/stacks/platform/modules/technitium/main.tf +++ b/stacks/platform/modules/technitium/main.tf @@ -166,7 +166,7 @@ resource "kubernetes_deployment" "technitium" { resources { requests = { cpu = "25m" - memory = "128Mi" + memory = "512Mi" } limits = { memory = "512Mi" diff --git a/stacks/platform/modules/traefik/main.tf b/stacks/platform/modules/traefik/main.tf index 08a9c09b..39bdcd53 100644 --- a/stacks/platform/modules/traefik/main.tf +++ b/stacks/platform/modules/traefik/main.tf @@ -201,7 +201,10 @@ resource "helm_release" "traefik" { resources = { requests = { cpu = "100m" - memory = "128Mi" + memory = "384Mi" + } + limits = { + memory = "384Mi" } } @@ -391,10 +394,10 @@ resource "kubernetes_deployment" "bot_block_proxy" { resources { requests = { cpu = "5m" - memory = "32Mi" + memory = "64Mi" } limits = { - memory = "128Mi" + memory = "64Mi" } } } @@ -579,10 +582,10 @@ resource "kubernetes_deployment" "auth_proxy" { resources { requests = { cpu = "5m" - memory = "32Mi" + memory = "64Mi" } limits = { - memory = "128Mi" + memory = "64Mi" } } } diff --git a/stacks/platform/modules/vaultwarden/main.tf b/stacks/platform/modules/vaultwarden/main.tf index f1bb5ad8..ba1b850d 100644 --- a/stacks/platform/modules/vaultwarden/main.tf +++ b/stacks/platform/modules/vaultwarden/main.tf @@ -65,7 +65,7 @@ resource "kubernetes_deployment" "vaultwarden" { resources { requests = { cpu = "10m" - memory = "32Mi" + memory = "256Mi" } limits = { memory = "256Mi" diff --git a/stacks/platform/modules/vpa/main.tf b/stacks/platform/modules/vpa/main.tf index 2cc50643..f1d7d4e4 100644 --- a/stacks/platform/modules/vpa/main.tf +++ b/stacks/platform/modules/vpa/main.tf @@ -34,12 +34,39 @@ resource "helm_release" "vpa" { values = [yamlencode({ recommender = { enabled = true + resources = { + requests = { + cpu = "50m" + memory = "200Mi" + } + limits = { + memory = "200Mi" + } + } } updater = { enabled = true + resources = { + requests = { + cpu = "50m" + memory = "200Mi" + } + limits = { + memory = "200Mi" + } + } } admissionController = { enabled = true + resources = { + requests = { + cpu = "50m" + memory = "200Mi" + } + limits = { + memory = "200Mi" + } + } } })] } diff --git a/stacks/platform/modules/wireguard/main.tf b/stacks/platform/modules/wireguard/main.tf index aa24793d..a80b514b 100644 --- a/stacks/platform/modules/wireguard/main.tf +++ b/stacks/platform/modules/wireguard/main.tf @@ -144,10 +144,10 @@ resource "kubernetes_deployment" "wireguard" { resources { requests = { cpu = "10m" - memory = "16Mi" + memory = "64Mi" } limits = { - memory = "128Mi" + memory = "64Mi" } } } @@ -174,10 +174,10 @@ resource "kubernetes_deployment" "wireguard" { resources { requests = { cpu = "10m" - memory = "16Mi" + memory = "32Mi" } limits = { - memory = "64Mi" + memory = "32Mi" } } } diff --git a/stacks/platform/modules/xray/main.tf b/stacks/platform/modules/xray/main.tf index 23f2b5d4..ae258875 100644 --- a/stacks/platform/modules/xray/main.tf +++ b/stacks/platform/modules/xray/main.tf @@ -120,10 +120,10 @@ resource "kubernetes_deployment" "xray" { resources { requests = { cpu = "10m" - memory = "32Mi" + memory = "64Mi" } limits = { - memory = "128Mi" + memory = "64Mi" } } } diff --git a/stacks/servarr/aiostreams/main.tf b/stacks/servarr/aiostreams/main.tf index e5dbac65..b6f9ef2f 100644 --- a/stacks/servarr/aiostreams/main.tf +++ b/stacks/servarr/aiostreams/main.tf @@ -72,10 +72,10 @@ resource "kubernetes_deployment" "aiostreams" { resources { requests = { cpu = "25m" - memory = "256Mi" + memory = "768Mi" } limits = { - memory = "1Gi" + memory = "768Mi" } } } diff --git a/stacks/servarr/flaresolverr/main.tf b/stacks/servarr/flaresolverr/main.tf index f5fc9f94..bc8e002e 100644 --- a/stacks/servarr/flaresolverr/main.tf +++ b/stacks/servarr/flaresolverr/main.tf @@ -34,10 +34,10 @@ resource "kubernetes_deployment" "flaresolverr" { resources { requests = { cpu = "10m" - memory = "150Mi" + memory = "512Mi" } limits = { - memory = "384Mi" + memory = "512Mi" } } port { diff --git a/stacks/servarr/listenarr/main.tf b/stacks/servarr/listenarr/main.tf index a4e0c83f..fde9f5b6 100644 --- a/stacks/servarr/listenarr/main.tf +++ b/stacks/servarr/listenarr/main.tf @@ -59,10 +59,10 @@ resource "kubernetes_deployment" "listenarr" { resources { requests = { cpu = "25m" - memory = "256Mi" + memory = "768Mi" } limits = { - memory = "1Gi" + memory = "768Mi" } } } diff --git a/stacks/vault/main.tf b/stacks/vault/main.tf index d5f72194..98cef9a2 100644 --- a/stacks/vault/main.tf +++ b/stacks/vault/main.tf @@ -44,8 +44,8 @@ resource "helm_release" "vault" { enabled = true resources = { - requests = { memory = "128Mi", cpu = "100m" } - limits = { memory = "512Mi" } + requests = { memory = "384Mi", cpu = "100m" } + limits = { memory = "384Mi" } } # Allow scheduling on GPU node (node1)