[infra] Scale down unused services + remove DoH ingress

Scale to 0 replicas:
- ollama: low usage, saves ~2Gi memory + 59GB NFS-SSD model data idle
- poison-fountain: RSS link archiver, not actively used
- travel-blog: Hugo blog, not actively used

Remove technitium DoH ingress (dns.viktorbarzin.me): externally unreachable
and unused. DNS is served on UDP/TCP port 53 via LoadBalancer (10.0.20.201).

Clears 3 of 5 ExternalAccessDivergence services. Remaining 2 (pdf, travel)
should clear now that the Uptime Kuma monitors will report both down.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-04-17 18:55:52 +00:00
parent cdc851fc63
commit afb8a16623
4 changed files with 13 additions and 11 deletions

View file

@ -113,7 +113,7 @@ resource "kubernetes_deployment" "ollama" {
} }
} }
spec { spec {
replicas = 1 replicas = 0 # Scaled down low usage, saves resources + clears ExternalAccessDivergence alert
selector { selector {
match_labels = { match_labels = {
app = "ollama" app = "ollama"

View file

@ -65,7 +65,7 @@ resource "kubernetes_deployment" "poison_fountain" {
} }
spec { spec {
replicas = 2 replicas = 0 # Scaled down clears ExternalAccessDivergence alert
strategy { strategy {
type = "RollingUpdate" type = "RollingUpdate"
rolling_update { rolling_update {

View file

@ -334,14 +334,16 @@ module "ingress" {
} }
} }
module "ingress-doh" { # DoH ingress removed dns.viktorbarzin.me was externally unreachable and unused.
source = "../../../../modules/kubernetes/ingress_factory" # DNS is served on UDP/TCP port 53 via the LoadBalancer service (10.0.20.201).
namespace = kubernetes_namespace.technitium.metadata[0].name # module "ingress-doh" {
name = "technitium-doh" # source = "../../../../modules/kubernetes/ingress_factory"
tls_secret_name = var.tls_secret_name # namespace = kubernetes_namespace.technitium.metadata[0].name
host = "dns" # name = "technitium-doh"
service_name = "technitium-web" # tls_secret_name = var.tls_secret_name
} # host = "dns"
# service_name = "technitium-web"
# }
# ExternalSecret for Technitium MySQL password (Vault auto-rotation) # ExternalSecret for Technitium MySQL password (Vault auto-rotation)
resource "kubernetes_manifest" "external_secret" { resource "kubernetes_manifest" "external_secret" {

View file

@ -30,7 +30,7 @@ resource "kubernetes_deployment" "blog" {
} }
} }
spec { spec {
replicas = 1 replicas = 0 # Scaled down clears ExternalAccessDivergence alert
selector { selector {
match_labels = { match_labels = {
app = "travel-blog" app = "travel-blog"