[ci skip] fix OOM crashes: add resource limits for osrm-bicycle, aiostreams, listenarr, authentik

- osrm-bicycle: 1Gi limit (loads 403MB routing graph) - aiostreams: 768Mi limit (loads 44K anime entries) - listenarr: 1Gi limit (.NET + Playwright/Chromium) - authentik server: 1Gi limit, worker: 1Gi limit (Django + gunicorn) - servarr: pass nfs_server variable to all submodules
2026-02-28 17:03:33 +00:00 · 2026-02-28 17:03:33 +00:00 · 5318761336
commit 5318761336
parent de4dffbab7
5 changed files with 49 additions and 0 deletions
--- a/stacks/osm_routing/main.tf
+++ b/stacks/osm_routing/main.tf
@ -124,6 +124,16 @@ resource "kubernetes_deployment" "osrm-bicycle" {
            name       = "osrm-data"
            mount_path = "/data"
          }
+          resources {
+            requests = {
+              cpu    = "15m"
+              memory = "512Mi"
+            }
+            limits = {
+              cpu    = "250m"
+              memory = "1Gi"
+            }
+          }
        }
        volume {
          name = "osrm-data"
--- a/stacks/platform/modules/authentik/values.yaml
+++ b/stacks/platform/modules/authentik/values.yaml
@ -17,6 +17,13 @@ authentik:

 server:
  replicas: 3
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: "2"
+      memory: 1Gi
  ingress:
    enabled: false
    # hosts:
@ -29,3 +36,10 @@ global:

 worker:
  replicas: 3
+  resources:
+    requests:
+      cpu: 50m
+      memory: 256Mi
+    limits:
+      cpu: "1"
+      memory: 1Gi
--- a/stacks/servarr/aiostreams/main.tf
+++ b/stacks/servarr/aiostreams/main.tf
@ -61,6 +61,16 @@ resource "kubernetes_deployment" "aiostreams" {
            name       = "data"
            mount_path = "/app/data"
          }
+          resources {
+            requests = {
+              cpu    = "50m"
+              memory = "256Mi"
+            }
+            limits = {
+              cpu    = "500m"
+              memory = "768Mi"
+            }
+          }
        }
        volume {
          name = "data"
--- a/stacks/servarr/listenarr/main.tf
+++ b/stacks/servarr/listenarr/main.tf
@ -40,6 +40,16 @@ resource "kubernetes_deployment" "listenarr" {
            name       = "data"
            mount_path = "/app/config"
          }
+          resources {
+            requests = {
+              cpu    = "25m"
+              memory = "256Mi"
+            }
+            limits = {
+              cpu    = "1"
+              memory = "1Gi"
+            }
+          }
        }
        volume {
          name = "data"
--- a/stacks/servarr/main.tf
+++ b/stacks/servarr/main.tf
@ -1,5 +1,6 @@
 variable "tls_secret_name" { type = string }
 variable "aiostreams_database_connection_string" { type = string }
+variable "nfs_server" { type = string }


 resource "kubernetes_namespace" "servarr" {
@ -28,12 +29,14 @@ module "prowlarr" {
  source          = "./prowlarr"
  tls_secret_name = var.tls_secret_name
  tier            = local.tiers.aux
+  nfs_server      = var.nfs_server
 }

 module "qbittorrent" {
  source          = "./qbittorrent"
  tls_secret_name = var.tls_secret_name
  tier            = local.tiers.aux
+  nfs_server      = var.nfs_server
 }

 module "flaresolverr" {
@ -58,6 +61,7 @@ module "listenarr" {
  source          = "./listenarr"
  tls_secret_name = var.tls_secret_name
  tier            = local.tiers.aux
+  nfs_server      = var.nfs_server
 }

 module "aiostreams" {
@ -65,4 +69,5 @@ module "aiostreams" {
  tls_secret_name                       = var.tls_secret_name
  aiostreams_database_connection_string = var.aiostreams_database_connection_string
  tier                                  = local.tiers.aux
+  nfs_server                            = var.nfs_server
 }