From afb8a1662308f7245706e593e9488cd8111df547 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Fri, 17 Apr 2026 18:55:52 +0000 Subject: [PATCH] [infra] Scale down unused services + remove DoH ingress Scale to 0 replicas: - ollama: low usage, saves ~2Gi memory + 59GB NFS-SSD model data idle - poison-fountain: RSS link archiver, not actively used - travel-blog: Hugo blog, not actively used Remove technitium DoH ingress (dns.viktorbarzin.me): externally unreachable and unused. DNS is served on UDP/TCP port 53 via LoadBalancer (10.0.20.201). Clears 3 of 5 ExternalAccessDivergence services. Remaining 2 (pdf, travel) should clear now that the Uptime Kuma monitors will report both down. Co-Authored-By: Claude Opus 4.6 (1M context) --- stacks/ollama/main.tf | 2 +- stacks/poison-fountain/main.tf | 2 +- stacks/technitium/modules/technitium/main.tf | 18 ++++++++++-------- stacks/travel_blog/main.tf | 2 +- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/stacks/ollama/main.tf b/stacks/ollama/main.tf index 8c467ec9..51aaf2b7 100644 --- a/stacks/ollama/main.tf +++ b/stacks/ollama/main.tf @@ -113,7 +113,7 @@ resource "kubernetes_deployment" "ollama" { } } spec { - replicas = 1 + replicas = 0 # Scaled down — low usage, saves resources + clears ExternalAccessDivergence alert selector { match_labels = { app = "ollama" diff --git a/stacks/poison-fountain/main.tf b/stacks/poison-fountain/main.tf index e01a2af0..1a26e96a 100644 --- a/stacks/poison-fountain/main.tf +++ b/stacks/poison-fountain/main.tf @@ -65,7 +65,7 @@ resource "kubernetes_deployment" "poison_fountain" { } spec { - replicas = 2 + replicas = 0 # Scaled down — clears ExternalAccessDivergence alert strategy { type = "RollingUpdate" rolling_update { diff --git a/stacks/technitium/modules/technitium/main.tf b/stacks/technitium/modules/technitium/main.tf index b2d51008..fc6f8c6f 100644 --- a/stacks/technitium/modules/technitium/main.tf +++ b/stacks/technitium/modules/technitium/main.tf @@ -334,14 +334,16 @@ module "ingress" { } } -module "ingress-doh" { - source = "../../../../modules/kubernetes/ingress_factory" - namespace = kubernetes_namespace.technitium.metadata[0].name - name = "technitium-doh" - tls_secret_name = var.tls_secret_name - host = "dns" - service_name = "technitium-web" -} +# DoH ingress removed — dns.viktorbarzin.me was externally unreachable and unused. +# DNS is served on UDP/TCP port 53 via the LoadBalancer service (10.0.20.201). +# module "ingress-doh" { +# source = "../../../../modules/kubernetes/ingress_factory" +# namespace = kubernetes_namespace.technitium.metadata[0].name +# name = "technitium-doh" +# tls_secret_name = var.tls_secret_name +# host = "dns" +# service_name = "technitium-web" +# } # ExternalSecret for Technitium MySQL password (Vault auto-rotation) resource "kubernetes_manifest" "external_secret" { diff --git a/stacks/travel_blog/main.tf b/stacks/travel_blog/main.tf index 18f386bc..a2b4eb13 100644 --- a/stacks/travel_blog/main.tf +++ b/stacks/travel_blog/main.tf @@ -30,7 +30,7 @@ resource "kubernetes_deployment" "blog" { } } spec { - replicas = 1 + replicas = 0 # Scaled down — clears ExternalAccessDivergence alert selector { match_labels = { app = "travel-blog"