diff --git a/stacks/atuin/main.tf b/stacks/atuin/main.tf
index 0298b851..fb7cb75c 100644
--- a/stacks/atuin/main.tf
+++ b/stacks/atuin/main.tf
@@ -80,12 +80,12 @@ resource "kubernetes_deployment" "atuin" {
resources {
requests = {
- memory = "64Mi"
- cpu = "50m"
+ memory = "16Mi"
+ cpu = "10m"
}
limits = {
- memory = "256Mi"
- cpu = "500m"
+ memory = "128Mi"
+ cpu = "100m"
}
}
diff --git a/stacks/audiobookshelf/main.tf b/stacks/audiobookshelf/main.tf
index 04d77295..19c46255 100644
--- a/stacks/audiobookshelf/main.tf
+++ b/stacks/audiobookshelf/main.tf
@@ -70,6 +70,16 @@ resource "kubernetes_deployment" "audiobookshelf" {
name = "metadata"
mount_path = "/metadata"
}
+ resources {
+ requests = {
+ cpu = "15m"
+ memory = "64Mi"
+ }
+ limits = {
+ cpu = "250m"
+ memory = "512Mi"
+ }
+ }
}
volume {
name = "audiobooks"
diff --git a/stacks/blog/main.tf b/stacks/blog/main.tf
index 018eff14..9992204c 100644
--- a/stacks/blog/main.tf
+++ b/stacks/blog/main.tf
@@ -45,12 +45,12 @@ resource "kubernetes_deployment" "blog" {
name = "blog"
resources {
limits = {
- cpu = "0.5"
- memory = "512Mi"
+ cpu = "100m"
+ memory = "256Mi"
}
requests = {
- cpu = "250m"
- memory = "50Mi"
+ cpu = "10m"
+ memory = "32Mi"
}
}
port {
diff --git a/stacks/calibre/main.tf b/stacks/calibre/main.tf
index f8e02e88..57550545 100644
--- a/stacks/calibre/main.tf
+++ b/stacks/calibre/main.tf
@@ -158,11 +158,11 @@ resource "kubernetes_deployment" "calibre-web-automated" {
}
resources {
requests = {
- cpu = "50m"
+ cpu = "25m"
memory = "256Mi"
}
limits = {
- cpu = "1"
+ cpu = "500m"
memory = "1Gi"
}
}
diff --git a/stacks/changedetection/main.tf b/stacks/changedetection/main.tf
index 76f1fe15..fa53d9b2 100644
--- a/stacks/changedetection/main.tf
+++ b/stacks/changedetection/main.tf
@@ -58,6 +58,16 @@ resource "kubernetes_deployment" "changedetection" {
add = ["SYS_ADMIN"]
}
}
+ resources {
+ requests = {
+ cpu = "25m"
+ memory = "128Mi"
+ }
+ limits = {
+ cpu = "500m"
+ memory = "512Mi"
+ }
+ }
}
container {
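Review bot: The limits added here cap CPU and memory for a container that, per the context line `add = ["SYS_ADMIN"]`, keeps a very broad capability, and resource limits do nothing to contain what that capability permits. Nothing in the hunk records why it is needed, so add a comment next to it such as `# SYS_ADMIN: needed by <component> for <reason>; revisit if a seccomp profile can replace it`. The same applies to the first wireguard hunk, where the container receiving limits runs with `add = ["NET_ADMIN", "SYS_MODULE"]`. Both container blocks start outside their hunks, so the image and the rest of the security context are not visible here.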
@@ -88,6 +98,16 @@ resource "kubernetes_deployment" "changedetection" {
container_port = 5000
protocol = "TCP"
}
+ resources {
+ requests = {
+ cpu = "15m"
+ memory = "64Mi"
+ }
+ limits = {
+ cpu = "250m"
+ memory = "256Mi"
+ }
+ }
}
# security_context {
# fs_group = "1500"
diff --git a/stacks/city-guesser/main.tf b/stacks/city-guesser/main.tf
index 695e1f08..b723c28e 100644
--- a/stacks/city-guesser/main.tf
+++ b/stacks/city-guesser/main.tf
@@ -45,12 +45,12 @@ resource "kubernetes_deployment" "city-guesser" {
name = "city-guesser"
resources {
limits = {
- cpu = "0.5"
- memory = "512Mi"
+ cpu = "100m"
+ memory = "256Mi"
}
requests = {
- cpu = "250m"
- memory = "50Mi"
+ cpu = "10m"
+ memory = "32Mi"
}
}
port {
diff --git a/stacks/coturn/main.tf b/stacks/coturn/main.tf
index 511ca0f3..696cbe45 100644
--- a/stacks/coturn/main.tf
+++ b/stacks/coturn/main.tf
@@ -128,12 +128,12 @@ resource "kubernetes_deployment" "coturn" {
resources {
requests = {
- cpu = "100m"
- memory = "128Mi"
+ cpu = "10m"
+ memory = "32Mi"
}
limits = {
- cpu = "1"
- memory = "512Mi"
+ cpu = "100m"
+ memory = "128Mi"
}
}
}
diff --git a/stacks/cyberchef/main.tf b/stacks/cyberchef/main.tf
index 225c5454..5dc3370a 100644
--- a/stacks/cyberchef/main.tf
+++ b/stacks/cyberchef/main.tf
@@ -52,6 +52,16 @@ resource "kubernetes_deployment" "cyberchef" {
port {
container_port = 8000
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "128Mi"
+ }
+ }
}
}
}
diff --git a/stacks/dashy/main.tf b/stacks/dashy/main.tf
index 97803093..4c444946 100644
--- a/stacks/dashy/main.tf
+++ b/stacks/dashy/main.tf
@@ -67,12 +67,12 @@ resource "kubernetes_deployment" "dashy" {
resources {
requests = {
- cpu = "15m"
- memory = "64Mi"
+ cpu = "50m"
+ memory = "512Mi"
}
limits = {
- cpu = "500m"
- memory = "512Mi"
+ cpu = "2"
+ memory = "4Gi"
}
}
port {
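Review bot: This is the one block in the commit where both requests and limits rise sharply (memory request `64Mi` to `512Mi`, limits to `cpu = "2"` and `memory = "4Gi"`), and no comment says why. A 4Gi ceiling on a dashboard container is large enough to matter for node memory pressure if the process misbehaves, so the exception should be justified where it is declared. Add a comment above `resources`, for example `# sized for <reason, e.g. startup build>; observed peak <value>`, so that a later right-sizing pass does not silently revert it or copy it elsewhere.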
diff --git a/stacks/dawarich/main.tf b/stacks/dawarich/main.tf
index f63e65c7..d0456de1 100644
--- a/stacks/dawarich/main.tf
+++ b/stacks/dawarich/main.tf
@@ -140,6 +140,16 @@ resource "kubernetes_deployment" "dawarich" {
# name = "watched"
# mount_path = "/var/app/tmp/imports/watched"
# }
+ resources {
+ requests = {
+ cpu = "15m"
+ memory = "256Mi"
+ }
+ limits = {
+ cpu = "250m"
+ memory = "1Gi"
+ }
+ }
}
# container {
# image = "freikin/dawarich:${var.image_version}"
diff --git a/stacks/diun/main.tf b/stacks/diun/main.tf
index f756b708..063ba6f5 100644
--- a/stacks/diun/main.tf
+++ b/stacks/diun/main.tf
@@ -163,6 +163,16 @@ resource "kubernetes_deployment" "diun" {
name = "data"
mount_path = "/data"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "128Mi"
+ }
+ }
}
volume {
name = "data"
diff --git a/stacks/echo/main.tf b/stacks/echo/main.tf
index 0d6ff2d0..a7d3b5bd 100644
--- a/stacks/echo/main.tf
+++ b/stacks/echo/main.tf
@@ -49,6 +49,16 @@ resource "kubernetes_deployment" "echo" {
port {
container_port = 8443
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "128Mi"
+ }
+ }
}
}
}
diff --git a/stacks/excalidraw/main.tf b/stacks/excalidraw/main.tf
index 39de7e27..9e195edb 100644
--- a/stacks/excalidraw/main.tf
+++ b/stacks/excalidraw/main.tf
@@ -65,6 +65,16 @@ resource "kubernetes_deployment" "excalidraw" {
name = "data"
mount_path = "/data"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "16Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "64Mi"
+ }
+ }
}
volume {
name = "data"
diff --git a/stacks/f1-stream/main.tf b/stacks/f1-stream/main.tf
index af08dd89..34402b3a 100644
--- a/stacks/f1-stream/main.tf
+++ b/stacks/f1-stream/main.tf
@@ -41,11 +41,11 @@ resource "kubernetes_deployment" "f1-stream" {
name = "f1-stream"
resources {
limits = {
- cpu = "500m"
+ cpu = "250m"
memory = "256Mi"
}
requests = {
- cpu = "50m"
+ cpu = "25m"
memory = "64Mi"
}
}
diff --git a/stacks/forgejo/main.tf b/stacks/forgejo/main.tf
index 884a9ac0..3cf37cc6 100644
--- a/stacks/forgejo/main.tf
+++ b/stacks/forgejo/main.tf
@@ -65,7 +65,7 @@ resource "kubernetes_deployment" "forgejo" {
memory = "64Mi"
}
limits = {
- cpu = "500m"
+ cpu = "250m"
memory = "512Mi"
}
}
diff --git a/stacks/freedify/factory/main.tf b/stacks/freedify/factory/main.tf
index 15504c02..8077d1f2 100755
--- a/stacks/freedify/factory/main.tf
+++ b/stacks/freedify/factory/main.tf
@@ -30,19 +30,19 @@ variable "gemini_api_key" {
}
variable "cpu_limit" {
type = string
- default = "500m"
+ default = "250m"
}
variable "memory_limit" {
type = string
- default = "512Mi"
+ default = "256Mi"
}
variable "cpu_request" {
type = string
- default = "100m"
+ default = "15m"
}
variable "memory_request" {
type = string
- default = "256Mi"
+ default = "64Mi"
}
diff --git a/stacks/freshrss/main.tf b/stacks/freshrss/main.tf
index 8fdd3fcb..a09b6a96 100644
--- a/stacks/freshrss/main.tf
+++ b/stacks/freshrss/main.tf
@@ -75,6 +75,16 @@ resource "kubernetes_deployment" "freshrss" {
container_port = 80
protocol = "TCP"
}
+ resources {
+ requests = {
+ cpu = "15m"
+ memory = "64Mi"
+ }
+ limits = {
+ cpu = "250m"
+ memory = "256Mi"
+ }
+ }
}
volume {
name = "data"
diff --git a/stacks/frigate/main.tf b/stacks/frigate/main.tf
index 8e476044..8d919bdc 100644
--- a/stacks/frigate/main.tf
+++ b/stacks/frigate/main.tf
@@ -65,7 +65,13 @@ resource "kubernetes_deployment" "frigate" {
name = "frigate"
resources {
+ requests = {
+ cpu = "500m"
+ memory = "2Gi"
+ }
limits = {
+ cpu = "4"
+ memory = "8Gi"
"nvidia.com/gpu" = "1"
}
}
diff --git a/stacks/hackmd/main.tf b/stacks/hackmd/main.tf
index b026eb80..4c8cf279 100644
--- a/stacks/hackmd/main.tf
+++ b/stacks/hackmd/main.tf
@@ -106,6 +106,16 @@ resource "kubernetes_deployment" "hackmd" {
container_port = 3000
protocol = "TCP"
}
+ resources {
+ requests = {
+ cpu = "15m"
+ memory = "64Mi"
+ }
+ limits = {
+ cpu = "250m"
+ memory = "512Mi"
+ }
+ }
}
security_context {
fs_group = "1500"
diff --git a/stacks/health/main.tf b/stacks/health/main.tf
index 4e8c93fd..19f38d04 100644
--- a/stacks/health/main.tf
+++ b/stacks/health/main.tf
@@ -83,12 +83,12 @@ resource "kubernetes_deployment" "health" {
resources {
requests = {
- memory = "256Mi"
- cpu = "100m"
+ memory = "64Mi"
+ cpu = "15m"
}
limits = {
- memory = "1Gi"
- cpu = "1"
+ memory = "256Mi"
+ cpu = "250m"
}
}
}
diff --git a/stacks/immich/main.tf b/stacks/immich/main.tf
index 2f05ec1e..c7a05d16 100644
--- a/stacks/immich/main.tf
+++ b/stacks/immich/main.tf
@@ -164,6 +164,16 @@ resource "kubernetes_deployment" "immich_server" {
name = "upload"
mount_path = "/usr/src/app/upload/upload"
}
+ resources {
+ requests = {
+ cpu = "100m"
+ memory = "256Mi"
+ }
+ limits = {
+ cpu = "2"
+ memory = "2Gi"
+ }
+ }
}
# volume {
@@ -293,6 +303,16 @@ resource "kubernetes_deployment" "immich-postgres" {
name = "postgresql-persistent-storage"
mount_path = "/var/lib/postgresql/data"
}
+ resources {
+ requests = {
+ cpu = "50m"
+ memory = "256Mi"
+ }
+ limits = {
+ cpu = "1"
+ memory = "1Gi"
+ }
+ }
}
volume {
name = "postgresql-persistent-storage"
@@ -425,8 +445,14 @@ resource "kubernetes_deployment" "immich-machine-learning" {
mount_path = "/cache"
}
resources {
+ requests = {
+ cpu = "100m"
+ memory = "1Gi"
+ }
limits = {
- "nvidia.com/gpu" = "1" # Used for inference
+ cpu = "2"
+ memory = "4Gi"
+ "nvidia.com/gpu" = "1"
}
}
}
diff --git a/stacks/isponsorblocktv/main.tf b/stacks/isponsorblocktv/main.tf
index e5bff04d..2cf285ce 100644
--- a/stacks/isponsorblocktv/main.tf
+++ b/stacks/isponsorblocktv/main.tf
@@ -43,6 +43,16 @@ resource "kubernetes_deployment" "isponsorblocktv-vermont" {
name = "data"
mount_path = "/app/data"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "150m"
+ memory = "256Mi"
+ }
+ }
}
volume {
name = "data"
diff --git a/stacks/kms/main.tf b/stacks/kms/main.tf
index f79a5e3e..6c65c58e 100644
--- a/stacks/kms/main.tf
+++ b/stacks/kms/main.tf
@@ -58,12 +58,12 @@ resource "kubernetes_deployment" "kms-web-page" {
image_pull_policy = "IfNotPresent"
resources {
limits = {
- cpu = "0.5"
- memory = "512Mi"
+ cpu = "50m"
+ memory = "64Mi"
}
requests = {
- cpu = "0.5"
- memory = "512Mi"
+ cpu = "10m"
+ memory = "16Mi"
}
}
port {
@@ -147,12 +147,12 @@ resource "kubernetes_deployment" "windows_kms" {
name = "windows-kms"
resources {
limits = {
- cpu = "1"
- memory = "512Mi"
+ cpu = "100m"
+ memory = "128Mi"
}
requests = {
- cpu = "1"
- memory = "50Mi"
+ cpu = "10m"
+ memory = "32Mi"
}
}
port {
diff --git a/stacks/linkwarden/main.tf b/stacks/linkwarden/main.tf
index 10ccdfae..ce4ee60d 100644
--- a/stacks/linkwarden/main.tf
+++ b/stacks/linkwarden/main.tf
@@ -91,6 +91,16 @@ resource "kubernetes_deployment" "linkwarden" {
name = "AUTHENTIK_CLIENT_SECRET"
value = var.linkwarden_authentik_client_secret
}
+ resources {
+ requests = {
+ cpu = "25m"
+ memory = "256Mi"
+ }
+ limits = {
+ cpu = "500m"
+ memory = "1536Mi"
+ }
+ }
}
}
}
diff --git a/stacks/meshcentral/main.tf b/stacks/meshcentral/main.tf
index 2749797e..41811c38 100644
--- a/stacks/meshcentral/main.tf
+++ b/stacks/meshcentral/main.tf
@@ -95,8 +95,8 @@ resource "kubernetes_deployment" "meshcentral" {
memory = "64Mi"
}
limits = {
- cpu = "500m"
- memory = "384Mi"
+ cpu = "250m"
+ memory = "512Mi"
}
}
volume_mount {
diff --git a/stacks/n8n/main.tf b/stacks/n8n/main.tf
index a5bd7411..cf6b8385 100644
--- a/stacks/n8n/main.tf
+++ b/stacks/n8n/main.tf
@@ -102,6 +102,16 @@ resource "kubernetes_deployment" "n8n" {
container_port = 5678
protocol = "TCP"
}
+ resources {
+ requests = {
+ cpu = "25m"
+ memory = "256Mi"
+ }
+ limits = {
+ cpu = "500m"
+ memory = "1Gi"
+ }
+ }
}
volume {
name = "data"
diff --git a/stacks/navidrome/main.tf b/stacks/navidrome/main.tf
index e48300ec..16597414 100644
--- a/stacks/navidrome/main.tf
+++ b/stacks/navidrome/main.tf
@@ -66,6 +66,16 @@ resource "kubernetes_deployment" "navidrome" {
container_port = 4533
protocol = "TCP"
}
+ resources {
+ requests = {
+ cpu = "15m"
+ memory = "64Mi"
+ }
+ limits = {
+ cpu = "250m"
+ memory = "384Mi"
+ }
+ }
}
volume {
name = "data"
diff --git a/stacks/netbox/main.tf b/stacks/netbox/main.tf
index f3614440..645343f2 100644
--- a/stacks/netbox/main.tf
+++ b/stacks/netbox/main.tf
@@ -134,11 +134,11 @@ resource "kubernetes_deployment" "netbox" {
resources {
requests = {
cpu = "25m"
- memory = "64Mi"
+ memory = "256Mi"
}
limits = {
- cpu = "1"
- memory = "512Mi"
+ cpu = "500m"
+ memory = "1Gi"
}
}
port {
diff --git a/stacks/networking-toolbox/main.tf b/stacks/networking-toolbox/main.tf
index 0c129dcb..bf3f87de 100644
--- a/stacks/networking-toolbox/main.tf
+++ b/stacks/networking-toolbox/main.tf
@@ -46,6 +46,16 @@ resource "kubernetes_deployment" "networking-toolbox" {
port {
container_port = 3000
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "128Mi"
+ }
+ }
}
}
}
diff --git a/stacks/nextcloud/main.tf b/stacks/nextcloud/main.tf
index 84970260..835c3a2a 100644
--- a/stacks/nextcloud/main.tf
+++ b/stacks/nextcloud/main.tf
@@ -16,7 +16,7 @@ resource "kubernetes_namespace" "nextcloud" {
name = "nextcloud"
labels = {
"istio-injection" : "disabled"
- tier = local.tiers.edge
+ tier = local.tiers.edge
"resource-governance/custom-limitrange" = "true"
"resource-governance/custom-quota" = "true"
}
diff --git a/stacks/ntfy/main.tf b/stacks/ntfy/main.tf
index 1d556c9c..17b7366f 100644
--- a/stacks/ntfy/main.tf
+++ b/stacks/ntfy/main.tf
@@ -87,6 +87,16 @@ resource "kubernetes_deployment" "ntfy" {
name = "data"
mount_path = "/var/lib/ntfy/"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "128Mi"
+ }
+ }
}
volume {
name = "data"
diff --git a/stacks/ollama/main.tf b/stacks/ollama/main.tf
index 0dda7d80..58d80e30 100644
--- a/stacks/ollama/main.tf
+++ b/stacks/ollama/main.tf
@@ -93,9 +93,9 @@ resource "kubernetes_deployment" "ollama" {
"gpu" = "true"
}
toleration {
- key = "nvidia.com/gpu"
- value = "true"
- effect = "NoSchedule"
+ key = "nvidia.com/gpu"
+ value = "true"
+ effect = "NoSchedule"
}
container {
image = "ollama/ollama:latest"
@@ -122,12 +122,10 @@ resource "kubernetes_deployment" "ollama" {
}
resources {
requests = {
- cpu = "500m"
- memory = "4Gi"
+ cpu = "100m"
+ memory = "256Mi"
}
limits = {
- cpu = "4"
- memory = "12Gi"
"nvidia.com/gpu" = "1"
}
}
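Review bot: After this hunk the `ollama` container has no CPU or memory limit at all, because `limits` keeps only `"nvidia.com/gpu" = "1"`, while the memory request drops from `4Gi` to `256Mi`. Unless a namespace LimitRange (not visible here) injects defaults, a model load can grow until the node comes under memory pressure. The scheduler will also have placed the pod as if it needed only 256Mi, so co-located workloads are the ones evicted. Keep an explicit ceiling beside the GPU entry, e.g. `memory = "12Gi"` and `cpu = "4"` as before, or add a comment stating that the limit is deliberately delegated to a LimitRange and naming it.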
@@ -271,6 +269,16 @@ resource "kubernetes_deployment" "ollama-ui" {
name = "data"
mount_path = "/app/backend/data"
}
+ resources {
+ requests = {
+ cpu = "25m"
+ memory = "256Mi"
+ }
+ limits = {
+ cpu = "500m"
+ memory = "1536Mi"
+ }
+ }
}
volume {
name = "data"
diff --git a/stacks/onlyoffice/main.tf b/stacks/onlyoffice/main.tf
index 978e730a..8bef58ad 100644
--- a/stacks/onlyoffice/main.tf
+++ b/stacks/onlyoffice/main.tf
@@ -11,9 +11,9 @@ resource "kubernetes_namespace" "onlyoffice" {
name = "onlyoffice"
labels = {
"istio-injection" : "disabled"
- tier = local.tiers.edge
- "resource-governance/custom-limitrange" = "true"
- "resource-governance/custom-quota" = "true"
+ tier = local.tiers.edge
+ "resource-governance/custom-limitrange" = "true"
+ "resource-governance/custom-quota" = "true"
}
}
}
@@ -92,11 +92,11 @@ resource "kubernetes_deployment" "onlyoffice-document-server" {
image = "onlyoffice/documentserver:8.2.3"
resources {
requests = {
- cpu = "250m"
+ cpu = "100m"
memory = "512Mi"
}
limits = {
- cpu = "8"
+ cpu = "2"
memory = "4Gi"
}
}
diff --git a/stacks/openclaw/main.tf b/stacks/openclaw/main.tf
index ce29e9f3..12328ba7 100644
--- a/stacks/openclaw/main.tf
+++ b/stacks/openclaw/main.tf
@@ -517,7 +517,7 @@ resource "kubernetes_deployment" "openclaw" {
resources {
limits = {
cpu = "500m"
- memory = "256Mi"
+ memory = "512Mi"
}
requests = {
cpu = "25m"
diff --git a/stacks/osm_routing/main.tf b/stacks/osm_routing/main.tf
index 1c1988d8..aad039a6 100644
--- a/stacks/osm_routing/main.tf
+++ b/stacks/osm_routing/main.tf
@@ -52,6 +52,16 @@ resource "kubernetes_deployment" "osrm-foot" {
name = "osrm-data"
mount_path = "/data"
}
+ resources {
+ requests = {
+ cpu = "15m"
+ memory = "256Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "1Gi"
+ }
+ }
}
volume {
name = "osrm-data"
@@ -127,10 +137,10 @@ resource "kubernetes_deployment" "osrm-bicycle" {
resources {
requests = {
cpu = "15m"
- memory = "512Mi"
+ memory = "256Mi"
}
limits = {
- cpu = "250m"
+ cpu = "100m"
memory = "1Gi"
}
}
diff --git a/stacks/owntracks/main.tf b/stacks/owntracks/main.tf
index 82e37c9b..b71bff25 100644
--- a/stacks/owntracks/main.tf
+++ b/stacks/owntracks/main.tf
@@ -94,6 +94,16 @@ resource "kubernetes_deployment" "owntracks" {
name = "data"
mount_path = "/config"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "16Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "64Mi"
+ }
+ }
}
volume {
name = "data"
diff --git a/stacks/paperless-ngx/main.tf b/stacks/paperless-ngx/main.tf
index b9012225..37b4f7a1 100644
--- a/stacks/paperless-ngx/main.tf
+++ b/stacks/paperless-ngx/main.tf
@@ -112,12 +112,12 @@ resource "kubernetes_deployment" "paperless-ngx" {
resources {
requests = {
- cpu = "100m"
- memory = "256Mi"
+ cpu = "50m"
+ memory = "512Mi"
}
limits = {
- cpu = "2"
- memory = "1Gi"
+ cpu = "1"
+ memory = "2Gi"
}
}
diff --git a/stacks/platform/modules/cloudflared/main.tf b/stacks/platform/modules/cloudflared/main.tf
index 1231d8a1..3b9bc72a 100644
--- a/stacks/platform/modules/cloudflared/main.tf
+++ b/stacks/platform/modules/cloudflared/main.tf
@@ -60,6 +60,16 @@ resource "kubernetes_deployment" "cloudflared" {
port {
container_port = 14333
}
+ resources {
+ requests = {
+ cpu = "15m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "200m"
+ memory = "256Mi"
+ }
+ }
}
dns_config {
option {
diff --git a/stacks/platform/modules/crowdsec/main.tf b/stacks/platform/modules/crowdsec/main.tf
index 529cc883..1acf36bd 100644
--- a/stacks/platform/modules/crowdsec/main.tf
+++ b/stacks/platform/modules/crowdsec/main.tf
@@ -159,6 +159,16 @@ resource "kubernetes_deployment" "crowdsec-web" {
container_port = 8000
protocol = "TCP"
}
+ resources {
+ requests = {
+ cpu = "15m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "250m"
+ memory = "256Mi"
+ }
+ }
}
dns_config {
option {
diff --git a/stacks/platform/modules/dbaas/main.tf b/stacks/platform/modules/dbaas/main.tf
index 95363737..a4847099 100644
--- a/stacks/platform/modules/dbaas/main.tf
+++ b/stacks/platform/modules/dbaas/main.tf
@@ -221,8 +221,8 @@ resource "kubernetes_service" "mysql" {
spec {
publish_not_ready_addresses = true # bypass InnoDB Cluster readiness gate during partial failures
selector = {
- "component" = "mysqld"
- "mysql.oracle.com/cluster" = "mysql-cluster"
+ "component" = "mysqld"
+ "mysql.oracle.com/cluster" = "mysql-cluster"
"mysql.oracle.com/cluster-role" = "PRIMARY"
}
port {
@@ -477,6 +477,16 @@ resource "kubernetes_deployment" "phpmyadmin" {
name = "UPLOAD_LIMIT"
value = "300M"
}
+ resources {
+ requests = {
+ cpu = "15m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "250m"
+ memory = "256Mi"
+ }
+ }
}
dns_config {
option {
@@ -763,12 +773,12 @@ module "ingress" {
# Ensure the CNPG cluster manifest exists (idempotent kubectl apply)
resource "null_resource" "pg_cluster" {
triggers = {
- instances = "2"
- image = "ghcr.io/cloudnative-pg/postgis:16"
- storage_size = "20Gi"
- storage_class = "local-path"
- memory_limit = "4Gi"
- cpu_limit = "2"
+ instances = "2"
+ image = "ghcr.io/cloudnative-pg/postgis:16"
+ storage_size = "20Gi"
+ storage_class = "local-path"
+ memory_limit = "4Gi"
+ cpu_limit = "2"
}
provisioner "local-exec" {
@@ -900,6 +910,17 @@ resource "kubernetes_deployment" "pgadmin" {
mount_path = "/var/lib/pgadmin/"
}
+ resources {
+ requests = {
+ cpu = "25m"
+ memory = "128Mi"
+ }
+ limits = {
+ cpu = "500m"
+ memory = "512Mi"
+ }
+ }
+
}
volume {
name = "pgadmin"
diff --git a/stacks/platform/modules/k8s-portal/main.tf b/stacks/platform/modules/k8s-portal/main.tf
index aa671245..40217516 100644
--- a/stacks/platform/modules/k8s-portal/main.tf
+++ b/stacks/platform/modules/k8s-portal/main.tf
@@ -66,6 +66,16 @@ resource "kubernetes_deployment" "k8s_portal" {
mount_path = "/config"
read_only = true
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "128Mi"
+ }
+ }
}
volume {
diff --git a/stacks/platform/modules/mailserver/main.tf b/stacks/platform/modules/mailserver/main.tf
index 801600bf..ceaed435 100644
--- a/stacks/platform/modules/mailserver/main.tf
+++ b/stacks/platform/modules/mailserver/main.tf
@@ -351,6 +351,17 @@ resource "kubernetes_deployment" "mailserver" {
}
}
+ resources {
+ requests = {
+ cpu = "25m"
+ memory = "128Mi"
+ }
+ limits = {
+ cpu = "500m"
+ memory = "512Mi"
+ }
+ }
+
}
container {
@@ -370,6 +381,16 @@ resource "kubernetes_deployment" "mailserver" {
name = "var-run-dovecot"
mount_path = "/var/run/dovecot"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "16Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "64Mi"
+ }
+ }
}
volume {
diff --git a/stacks/platform/modules/redis/main.tf b/stacks/platform/modules/redis/main.tf
index 60c13a75..85bcfec3 100644
--- a/stacks/platform/modules/redis/main.tf
+++ b/stacks/platform/modules/redis/main.tf
@@ -119,10 +119,10 @@ resource "kubernetes_service" "redis" {
}
spec {
selector = {
- "app.kubernetes.io/component" = "node"
- "app.kubernetes.io/instance" = "redis"
- "app.kubernetes.io/name" = "redis"
- "statefulset.kubernetes.io/pod-name" = "redis-node-0"
+ "app.kubernetes.io/component" = "node"
+ "app.kubernetes.io/instance" = "redis"
+ "app.kubernetes.io/name" = "redis"
+ "statefulset.kubernetes.io/pod-name" = "redis-node-0"
}
port {
name = "tcp-redis"
diff --git a/stacks/platform/modules/traefik/main.tf b/stacks/platform/modules/traefik/main.tf
index e73d58df..68fcf00a 100644
--- a/stacks/platform/modules/traefik/main.tf
+++ b/stacks/platform/modules/traefik/main.tf
@@ -380,11 +380,11 @@ resource "kubernetes_deployment" "bot_block_proxy" {
resources {
requests = {
cpu = "5m"
- memory = "16Mi"
+ memory = "32Mi"
}
limits = {
cpu = "50m"
- memory = "32Mi"
+ memory = "128Mi"
}
}
}
@@ -569,11 +569,11 @@ resource "kubernetes_deployment" "auth_proxy" {
resources {
requests = {
cpu = "5m"
- memory = "16Mi"
+ memory = "32Mi"
}
limits = {
cpu = "50m"
- memory = "32Mi"
+ memory = "128Mi"
}
}
}
diff --git a/stacks/platform/modules/traefik/middleware.tf b/stacks/platform/modules/traefik/middleware.tf
index 6d126db1..6e720e09 100644
--- a/stacks/platform/modules/traefik/middleware.tf
+++ b/stacks/platform/modules/traefik/middleware.tf
@@ -150,14 +150,14 @@ resource "kubernetes_manifest" "middleware_crowdsec" {
spec = {
plugin = {
crowdsec-bouncer = {
- crowdsecLapiKey = var.crowdsec_api_key
- crowdsecLapiHost = "crowdsec-service.crowdsec.svc.cluster.local:8080"
- crowdsecMode = "stream"
- updateMaxFailure = -1 # fail-open: serve from cache when LAPI is unreachable
- redisCacheEnabled = true
- redisCacheHost = var.redis_host
- redisCacheUnreachableBlock = false # don't block traffic if Redis is also unreachable
- clientTrustedIPs = ["10.0.20.0/24", "10.10.0.0/16"] # node + pod CIDRs bypass CrowdSec
+ crowdsecLapiKey = var.crowdsec_api_key
+ crowdsecLapiHost = "crowdsec-service.crowdsec.svc.cluster.local:8080"
+ crowdsecMode = "stream"
+ updateMaxFailure = -1 # fail-open: serve from cache when LAPI is unreachable
+ redisCacheEnabled = true
+ redisCacheHost = var.redis_host
+ redisCacheUnreachableBlock = false # don't block traffic if Redis is also unreachable
+ clientTrustedIPs = ["10.0.20.0/24", "10.10.0.0/16"] # node + pod CIDRs bypass CrowdSec
}
}
}
diff --git a/stacks/platform/modules/vaultwarden/main.tf b/stacks/platform/modules/vaultwarden/main.tf
index 53b349a3..8ff8d6a7 100644
--- a/stacks/platform/modules/vaultwarden/main.tf
+++ b/stacks/platform/modules/vaultwarden/main.tf
@@ -56,11 +56,11 @@ resource "kubernetes_deployment" "vaultwarden" {
resources {
requests = {
- cpu = "50m"
- memory = "64Mi"
+ cpu = "10m"
+ memory = "32Mi"
}
limits = {
- cpu = "200m"
+ cpu = "100m"
memory = "256Mi"
}
}
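Review bot: The CPU limit for `vaultwarden` is halved to `100m`, and this service does CPU-bound password hashing on the server during login. Under CFS throttling, a burst of logins or a run of failed attempts can stretch response times past client or probe timeouts, which turns a sizing change into an availability problem for the password manager. I would keep `cpu = "200m"` on the limit unless throttling metrics for this pod show headroom; lowering the request to `10m` is fine on its own. The container block that owns these resources starts outside the hunk.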
diff --git a/stacks/platform/modules/wireguard/main.tf b/stacks/platform/modules/wireguard/main.tf
index 162b230e..1df0a610 100644
--- a/stacks/platform/modules/wireguard/main.tf
+++ b/stacks/platform/modules/wireguard/main.tf
@@ -141,6 +141,16 @@ resource "kubernetes_deployment" "wireguard" {
add = ["NET_ADMIN", "SYS_MODULE"]
}
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "16Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "128Mi"
+ }
+ }
}
container {
@@ -162,6 +172,16 @@ resource "kubernetes_deployment" "wireguard" {
container_port = 9586
protocol = "TCP"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "16Mi"
+ }
+ limits = {
+ cpu = "50m"
+ memory = "64Mi"
+ }
+ }
}
volume {
name = "wg0-key"
diff --git a/stacks/platform/modules/xray/main.tf b/stacks/platform/modules/xray/main.tf
index 71d25839..7cbb2995 100644
--- a/stacks/platform/modules/xray/main.tf
+++ b/stacks/platform/modules/xray/main.tf
@@ -114,6 +114,16 @@ resource "kubernetes_deployment" "xray" {
mount_path = "/etc/xray/config.json"
sub_path = "config.json"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "128Mi"
+ }
+ }
}
volume {
diff --git a/stacks/plotting-book/main.tf b/stacks/plotting-book/main.tf
index c52ed31f..9be1de57 100644
--- a/stacks/plotting-book/main.tf
+++ b/stacks/plotting-book/main.tf
@@ -60,12 +60,12 @@ resource "kubernetes_deployment" "plotting-book" {
}
resources {
requests = {
- memory = "128Mi"
- cpu = "50m"
+ memory = "32Mi"
+ cpu = "10m"
}
limits = {
- memory = "512Mi"
- cpu = "500m"
+ memory = "256Mi"
+ cpu = "100m"
}
}
}
diff --git a/stacks/privatebin/main.tf b/stacks/privatebin/main.tf
index 7fe97aa0..e286fc78 100644
--- a/stacks/privatebin/main.tf
+++ b/stacks/privatebin/main.tf
@@ -56,6 +56,16 @@ resource "kubernetes_deployment" "privatebin" {
mount_path = "/srv/data"
sub_path = "data"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "150m"
+ memory = "256Mi"
+ }
+ }
}
volume {
diff --git a/stacks/real-estate-crawler/main.tf b/stacks/real-estate-crawler/main.tf
index f8e9e993..c893816c 100644
--- a/stacks/real-estate-crawler/main.tf
+++ b/stacks/real-estate-crawler/main.tf
@@ -192,12 +192,12 @@ resource "kubernetes_deployment" "realestate-crawler-api" {
}
resources {
requests = {
- cpu = "50m"
- memory = "128Mi"
+ cpu = "15m"
+ memory = "64Mi"
}
limits = {
- cpu = "2000m"
- memory = "1Gi"
+ cpu = "250m"
+ memory = "512Mi"
}
}
volume_mount {
@@ -408,7 +408,7 @@ resource "kubernetes_deployment" "realestate-crawler-celery-beat" {
memory = "64Mi"
}
limits = {
- cpu = "200m"
+ cpu = "100m"
memory = "256Mi"
}
}
diff --git a/stacks/resume/main.tf b/stacks/resume/main.tf
index cf0b09ca..ad985088 100644
--- a/stacks/resume/main.tf
+++ b/stacks/resume/main.tf
@@ -74,11 +74,11 @@ resource "kubernetes_deployment" "printer" {
resources {
requests = {
memory = "128Mi"
- cpu = "50m"
+ cpu = "25m"
}
limits = {
- memory = "512Mi"
- cpu = "1"
+ memory = "1536Mi"
+ cpu = "500m"
}
}
@@ -221,12 +221,12 @@ resource "kubernetes_deployment" "resume" {
resources {
requests = {
- memory = "128Mi"
- cpu = "25m"
+ memory = "64Mi"
+ cpu = "15m"
}
limits = {
memory = "384Mi"
- cpu = "500m"
+ cpu = "250m"
}
}
diff --git a/stacks/rybbit/main.tf b/stacks/rybbit/main.tf
index 84f697b4..6503b787 100644
--- a/stacks/rybbit/main.tf
+++ b/stacks/rybbit/main.tf
@@ -30,6 +30,28 @@ locals {
}
+resource "kubernetes_config_map" "clickhouse_config" {
+ metadata {
+ name = "clickhouse-config"
+ namespace = kubernetes_namespace.rybbit.metadata[0].name
+ }
+ data = {
+ "docker_related_config.xml" = <<-XML
+
+ ::
+ 0.0.0.0
+ 1
+
+ XML
+ "disable-system-logs.xml" = <<-XML
+
+ 4
+ 16
+
+ XML
+ }
+}
+
resource "kubernetes_deployment" "clickhouse" {
metadata {
name = "clickhouse"
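Review bot: The ConfigMap defines two keys, but only `disable-system-logs.xml` is mounted by the `volume_mount` added later in this file; `docker_related_config.xml` is not referenced in any hunk shown. The element names inside both heredocs are missing on this page, so `::` and `0.0.0.0` can only be presumed to be listen addresses. If they are, and the key is ever mounted, ClickHouse would bind on all interfaces, and a comment should say which Service or NetworkPolicy restricts access. Either drop the unused key or mount it, and add a one-line comment above each heredoc stating what the override changes and why. If the second file disables ClickHouse system log tables as its name suggests, note that this also removes the query history used when investigating access to the analytics data.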
@@ -60,10 +82,6 @@ resource "kubernetes_deployment" "clickhouse" {
name = "CLICKHOUSE_DB"
value = local.clickhouse_db
}
- # env {
- # name = "CLICKHOUSE_USER"
- # value = "clickhouse"
- # }
env {
name = "CLICKHOUSE_PASSWORD"
value = var.clickhouse_password
@@ -77,6 +95,12 @@ resource "kubernetes_deployment" "clickhouse" {
name = "data"
mount_path = "/var/lib/clickhouse"
}
+ volume_mount {
+ name = "config"
+ mount_path = "/etc/clickhouse-server/config.d/zzz-custom.xml"
+ sub_path = "disable-system-logs.xml"
+ read_only = true
+ }
resources {
requests = {
cpu = "100m"
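Review bot: Mounting the file with `sub_path` means the running pod will not see later edits to the ConfigMap, since kubelet only refreshes whole-volume ConfigMap mounts. Nothing in the visible hunks ties the Deployment's pod template to the ConfigMap content. A changed `disable-system-logs.xml` would therefore apply cleanly in Terraform and leave ClickHouse on the old settings until the pod is restarted for some other reason. Consider a pod-template annotation such as `"checksum/config" = sha256(jsonencode(kubernetes_config_map.clickhouse_config.data))` so that a config change rolls the Deployment. The container block continues outside the hunk.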
@@ -95,6 +119,12 @@ resource "kubernetes_deployment" "clickhouse" {
server = var.nfs_server
}
}
+ volume {
+ name = "config"
+ config_map {
+ name = kubernetes_config_map.clickhouse_config.metadata[0].name
+ }
+ }
}
}
}
@@ -208,6 +238,16 @@ resource "kubernetes_deployment" "rybbit" {
port {
container_port = 3001
}
+ resources {
+ requests = {
+ cpu = "25m"
+ memory = "128Mi"
+ }
+ limits = {
+ cpu = "250m"
+ memory = "512Mi"
+ }
+ }
}
}
}
@@ -274,6 +314,16 @@ resource "kubernetes_deployment" "rybbit-client" {
protocol = "TCP"
container_port = 3002
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "64Mi"
+ }
+ limits = {
+ cpu = "150m"
+ memory = "256Mi"
+ }
+ }
}
}
}
diff --git a/stacks/send/main.tf b/stacks/send/main.tf
index 663337cf..7288058d 100644
--- a/stacks/send/main.tf
+++ b/stacks/send/main.tf
@@ -80,6 +80,16 @@ resource "kubernetes_deployment" "send" {
name = "data"
mount_path = "/uploads"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "150m"
+ memory = "256Mi"
+ }
+ }
}
volume {
name = "data"
diff --git a/stacks/servarr/aiostreams/main.tf b/stacks/servarr/aiostreams/main.tf
index 9a5e70e3..4f22ad7f 100644
--- a/stacks/servarr/aiostreams/main.tf
+++ b/stacks/servarr/aiostreams/main.tf
@@ -63,12 +63,12 @@ resource "kubernetes_deployment" "aiostreams" {
}
resources {
requests = {
- cpu = "50m"
+ cpu = "25m"
memory = "256Mi"
}
limits = {
cpu = "500m"
- memory = "768Mi"
+ memory = "1Gi"
}
}
}
diff --git a/stacks/shadowsocks/main.tf b/stacks/shadowsocks/main.tf
index 0b13ac51..18a8442b 100644
--- a/stacks/shadowsocks/main.tf
+++ b/stacks/shadowsocks/main.tf
@@ -64,6 +64,16 @@ resource "kubernetes_deployment" "shadowsocks" {
container_port = 8388
protocol = "UDP"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "16Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "64Mi"
+ }
+ }
}
}
}
diff --git a/stacks/speedtest/main.tf b/stacks/speedtest/main.tf
index 14970393..5a2c6e2b 100644
--- a/stacks/speedtest/main.tf
+++ b/stacks/speedtest/main.tf
@@ -104,10 +104,10 @@ resource "kubernetes_deployment" "speedtest" {
resources {
requests = {
cpu = "25m"
- memory = "64Mi"
+ memory = "128Mi"
}
limits = {
- cpu = "500m"
+ cpu = "1"
memory = "512Mi"
}
}
diff --git a/stacks/stirling-pdf/main.tf b/stacks/stirling-pdf/main.tf
index 9e6c40bc..65311678 100644
--- a/stacks/stirling-pdf/main.tf
+++ b/stacks/stirling-pdf/main.tf
@@ -47,11 +47,11 @@ resource "kubernetes_deployment" "stirling-pdf" {
resources {
requests = {
cpu = "100m"
- memory = "256Mi"
+ memory = "512Mi"
}
limits = {
cpu = "2"
- memory = "1Gi"
+ memory = "2Gi"
}
}
diff --git a/stacks/tandoor/main.tf b/stacks/tandoor/main.tf
index 9f69e674..87bcab69 100644
--- a/stacks/tandoor/main.tf
+++ b/stacks/tandoor/main.tf
@@ -136,6 +136,16 @@ resource "kubernetes_deployment" "tandoor" {
name = "data"
mount_path = "/opt/recipes/staticfiles"
}
+ resources {
+ requests = {
+ cpu = "25m"
+ memory = "256Mi"
+ }
+ limits = {
+ cpu = "250m"
+ memory = "1536Mi"
+ }
+ }
}
volume {
diff --git a/stacks/tor-proxy/main.tf b/stacks/tor-proxy/main.tf
index f43a55af..9377b502 100644
--- a/stacks/tor-proxy/main.tf
+++ b/stacks/tor-proxy/main.tf
@@ -73,6 +73,16 @@ resource "kubernetes_deployment" "tor-proxy" {
container_port = 9050
protocol = "TCP"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "64Mi"
+ }
+ limits = {
+ cpu = "150m"
+ memory = "256Mi"
+ }
+ }
# volume_mount {
# name = "tor-config"
# mount_path = "/etc/tor/torrc"
diff --git a/stacks/trading-bot/main.tf b/stacks/trading-bot/main.tf
index 187f5970..d4295ef1 100644
--- a/stacks/trading-bot/main.tf
+++ b/stacks/trading-bot/main.tf
@@ -47,7 +47,7 @@ resource "kubernetes_namespace" "trading-bot" {
metadata {
name = "trading-bot"
labels = {
- tier = local.tiers.edge
+ tier = local.tiers.edge
"resource-governance/custom-quota" = "true"
}
}
diff --git a/stacks/travel_blog/main.tf b/stacks/travel_blog/main.tf
index 5781369c..cfc22ad6 100644
--- a/stacks/travel_blog/main.tf
+++ b/stacks/travel_blog/main.tf
@@ -45,12 +45,12 @@ resource "kubernetes_deployment" "blog" {
name = "travel-blog"
resources {
limits = {
- cpu = "0.5"
- memory = "512Mi"
+ cpu = "100m"
+ memory = "256Mi"
}
requests = {
- cpu = "250m"
- memory = "50Mi"
+ cpu = "10m"
+ memory = "32Mi"
}
}
port {
diff --git a/stacks/tuya-bridge/main.tf b/stacks/tuya-bridge/main.tf
index 918e5c7f..875b3d30 100644
--- a/stacks/tuya-bridge/main.tf
+++ b/stacks/tuya-bridge/main.tf
@@ -66,6 +66,16 @@ resource "kubernetes_deployment" "tuya-bridge" {
name = "SLACK_URL"
value = var.tiny_tuya_slack_url
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "150m"
+ memory = "256Mi"
+ }
+ }
}
}
}
diff --git a/stacks/wealthfolio/main.tf b/stacks/wealthfolio/main.tf
index 6f2be13f..e81bd6fe 100644
--- a/stacks/wealthfolio/main.tf
+++ b/stacks/wealthfolio/main.tf
@@ -88,6 +88,16 @@ resource "kubernetes_deployment" "wealthfolio" {
name = "data"
mount_path = "/data"
}
+ resources {
+ requests = {
+ cpu = "10m"
+ memory = "32Mi"
+ }
+ limits = {
+ cpu = "100m"
+ memory = "128Mi"
+ }
+ }
}
volume {
name = "data"
diff --git a/stacks/webhook_handler/main.tf b/stacks/webhook_handler/main.tf
index 3bb3d833..1095e71d 100644
--- a/stacks/webhook_handler/main.tf
+++ b/stacks/webhook_handler/main.tf
@@ -110,12 +110,12 @@ resource "kubernetes_deployment" "webhook_handler" {
name = "webhook-handler"
resources {
limits = {
- cpu = "0.5"
- memory = "512Mi"
+ cpu = "100m"
+ memory = "256Mi"
}
requests = {
- cpu = "250m"
- memory = "50Mi"
+ cpu = "10m"
+ memory = "32Mi"
}
}
port {
diff --git a/stacks/whisper/main.tf b/stacks/whisper/main.tf
index 4f10e23c..05e206e3 100644
--- a/stacks/whisper/main.tf
+++ b/stacks/whisper/main.tf
@@ -67,6 +67,16 @@ resource "kubernetes_deployment" "whisper" {
name = "data"
mount_path = "/data"
}
+ resources {
+ requests = {
+ cpu = "25m"
+ memory = "256Mi"
+ }
+ limits = {
+ cpu = "500m"
+ memory = "1536Mi"
+ }
+ }
}
volume {
@@ -177,6 +187,16 @@ resource "kubernetes_deployment" "piper" {
name = "data"
mount_path = "/data"
}
+ resources {
+ requests = {
+ cpu = "25m"
+ memory = "64Mi"
+ }
+ limits = {
+ cpu = "250m"
+ memory = "512Mi"
+ }
+ }
}
volume {