viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove all CPU limits cluster-wide to eliminate CFS throttling

Browse source 
CPU limits cause CFS throttling even when nodes have idle capacity.
Move to a request-only CPU model: keep CPU requests for scheduling
fairness but remove all CPU limits. Memory limits stay (incompressible).

Changes across 108 files:
- Kyverno LimitRange policy: remove cpu from default/max in all 6 tiers
- Kyverno ResourceQuota policy: remove limits.cpu from all 5 tiers
- Custom ResourceQuotas: remove limits.cpu from 8 namespace quotas
- Custom LimitRanges: remove cpu from default/max (nextcloud, onlyoffice)
- RBAC module: remove cpu_limits variable and quota reference
- Freedify factory: remove cpu_limit variable and limits reference
- 86 deployment files: remove cpu from all limits blocks
- 6 Helm values files: remove cpu under limits sections
This commit is contained in:
Viktor Barzin 2026-03-14 08:51:45 +00:00
parent 120f83ce93
commit b00f810d3d
108 changed files with 609 additions and 435 deletions
Download patch file Download diff file Expand all files Collapse all files

1
stacks/platform/modules/authentik/main.tf
View file

@ -35,7 +35,6 @@ resource "kubernetes_resource_quota" "authentik" {
hard = {
"requests.cpu" = "16"
"requests.memory" = "16Gi"
"limits.cpu" = "48"
"limits.memory" = "96Gi"
pods = "50"
}

2
stacks/platform/modules/authentik/values.yaml
View file

@ -22,7 +22,6 @@ server:
cpu: 100m
memory: 512Mi
limits:
cpu: "2"
memory: 1Gi
topologySpreadConstraints:
- maxSkew: 1
@ -51,7 +50,6 @@ worker:
cpu: 50m
memory: 384Mi
limits:
cpu: "1"
memory: 1Gi
topologySpreadConstraints:
- maxSkew: 1

1
stacks/platform/modules/cloudflared/main.tf
View file

@ -76,7 +76,6 @@ resource "kubernetes_deployment" "cloudflared" {
memory = "32Mi"
}
limits = {
cpu = "200m"
memory = "256Mi"
}
}

1
stacks/platform/modules/cnpg/main.tf
View file

@ -40,7 +40,6 @@ resource "helm_release" "cnpg" {
memory = "128Mi"
}
limits = {
cpu = "500m"
memory = "256Mi"
}
}

8
stacks/platform/modules/crowdsec/main.tf
View file

@ -4,12 +4,12 @@ variable "homepage_password" {}
variable "db_password" {}
variable "enroll_key" {}
variable "crowdsec_dash_api_key" {
type = string
type = string
sensitive = true
}
variable "crowdsec_dash_machine_id" { type = string } # used for web dash
variable "crowdsec_dash_machine_id" { type = string } # used for web dash
variable "crowdsec_dash_machine_password" {
type = string
type = string
sensitive = true
}
variable "tier" { type = string }
@ -171,7 +171,6 @@ resource "kubernetes_deployment" "crowdsec-web" {
memory = "32Mi"
}
limits = {
cpu = "250m"
memory = "256Mi"
}
}
@ -368,7 +367,6 @@ resource "kubernetes_resource_quota" "crowdsec" {
hard = {
"requests.cpu" = "8"
"requests.memory" = "8Gi"
"limits.cpu" = "16"
"limits.memory" = "16Gi"
pods = "30"
}

15
stacks/platform/modules/dbaas/main.tf
View file

@ -36,7 +36,6 @@ resource "kubernetes_resource_quota" "dbaas" {
hard = {
"requests.cpu" = "8"
"requests.memory" = "12Gi"
"limits.cpu" = "32"
"limits.memory" = "64Gi"
pods = "30"
}
@ -82,7 +81,6 @@ resource "helm_release" "mysql_operator" {
memory = "256Mi"
}
limits = {
cpu = "500m"
memory = "512Mi"
}
}
@ -186,7 +184,6 @@ resource "helm_release" "mysql_cluster" {
memory = "1Gi"
}
limits = {
cpu = "2"
memory = "4Gi"
}
}
@ -224,7 +221,6 @@ resource "helm_release" "mysql_cluster" {
}
limits = {
memory = "3Gi"
cpu = "2"
}
}
}]
@ -233,21 +229,21 @@ resource "helm_release" "mysql_cluster" {
name = "fixdatadir"
resources = {
requests = { memory = "64Mi", cpu = "25m" }
limits = { memory = "256Mi", cpu = "500m" }
limits = { memory = "256Mi" }
}
},
{
name = "initconf"
resources = {
requests = { memory = "256Mi", cpu = "50m" }
limits = { memory = "1Gi", cpu = "1" }
limits = { memory = "1Gi" }
}
},
{
name = "initmysql"
resources = {
requests = { memory = "512Mi", cpu = "250m" }
limits = { memory = "2Gi", cpu = "2" }
limits = { memory = "2Gi" }
}
}
]
@ -553,7 +549,6 @@ resource "kubernetes_deployment" "phpmyadmin" {
memory = "32Mi"
}
limits = {
cpu = "250m"
memory = "256Mi"
}
}
@ -848,7 +843,7 @@ resource "null_resource" "pg_cluster" {
storage_size = "20Gi"
storage_class = "iscsi-truenas"
memory_limit = "4Gi"
cpu_limit = "2"
}
provisioner "local-exec" {
@ -875,7 +870,6 @@ resource "null_resource" "pg_cluster" {
cpu: "250m"
memory: "512Mi"
limits:
cpu: "2"
memory: "4Gi"
EOF
EOT
@ -986,7 +980,6 @@ resource "kubernetes_deployment" "pgadmin" {
memory = "128Mi"
}
limits = {
cpu = "500m"
memory = "512Mi"
}
}

2
stacks/platform/modules/headscale/main.tf
View file

@ -82,7 +82,6 @@ resource "kubernetes_deployment" "headscale" {
memory = "64Mi"
}
limits = {
cpu = "200m"
memory = "256Mi"
}
}
@ -167,7 +166,6 @@ resource "kubernetes_deployment" "headscale" {
memory = "32Mi"
}
limits = {
cpu = "100m"
memory = "128Mi"
}
}

5
stacks/platform/modules/iscsi-csi/main.tf
View file

@ -35,10 +35,11 @@ resource "helm_release" "democratic_csi" {
}]
controller = {
replicas = 2
driver = {
resources = {
requests = { cpu = "25m", memory = "64Mi" }
limits = { cpu = "250m", memory = "256Mi" }
limits = { memory = "256Mi" }
}
}
}
@ -47,7 +48,7 @@ resource "helm_release" "democratic_csi" {
driver = {
resources = {
requests = { cpu = "25m", memory = "64Mi" }
limits = { cpu = "250m", memory = "256Mi" }
limits = { memory = "256Mi" }
}
}

5
stacks/platform/modules/k8s-portal/main.tf
View file

@ -75,7 +75,6 @@ resource "kubernetes_deployment" "k8s_portal" {
memory = "32Mi"
}
limits = {
cpu = "100m"
memory = "128Mi"
}
}
@ -131,14 +130,14 @@ module "ingress" {
}
}
# Unprotected ingress for the setup script (needs to be curl-able without auth)
# Unprotected ingress for the setup script and agent endpoint (needs to be curl-able without auth)
module "ingress_setup_script" {
source = "../../../../modules/kubernetes/ingress_factory"
namespace = kubernetes_namespace.k8s_portal.metadata[0].name
name = "k8s-portal-setup"
host = "k8s-portal"
service_name = "k8s-portal"
ingress_path = ["/setup/script"]
ingress_path = ["/setup/script", "/agent"]
tls_secret_name = var.tls_secret_name
protected = false
}

105
stacks/platform/modules/kyverno/resource-governance.tf
View file

@ -130,7 +130,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
{
type = "Container"
default = {
cpu = "500m"
memory = "512Mi"
}
defaultRequest = {
@ -138,7 +137,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
memory = "256Mi"
}
max = {
cpu = "4"
memory = "8Gi"
}
}
@ -189,7 +187,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
{
type = "Container"
default = {
cpu = "500m"
memory = "512Mi"
}
defaultRequest = {
@ -197,7 +194,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
memory = "256Mi"
}
max = {
cpu = "2"
memory = "4Gi"
}
}
@ -248,7 +244,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
{
type = "Container"
default = {
cpu = "1"
memory = "2Gi"
}
defaultRequest = {
@ -256,7 +251,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
memory = "1Gi"
}
max = {
cpu = "8"
memory = "16Gi"
}
}
@ -307,7 +301,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
{
type = "Container"
default = {
cpu = "250m"
memory = "256Mi"
}
defaultRequest = {
@ -315,7 +308,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
memory = "128Mi"
}
max = {
cpu = "2"
memory = "4Gi"
}
}
@ -366,7 +358,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
{
type = "Container"
default = {
cpu = "250m"
memory = "256Mi"
}
defaultRequest = {
@ -374,7 +365,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
memory = "128Mi"
}
max = {
cpu = "2"
memory = "4Gi"
}
}
@ -428,7 +418,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
{
type = "Container"
default = {
cpu = "250m"
memory = "256Mi"
}
defaultRequest = {
@ -436,7 +425,6 @@ resource "kubernetes_manifest" "generate_limitrange_by_tier" {
memory = "128Mi"
}
max = {
cpu = "1"
memory = "2Gi"
}
}
@ -517,7 +505,6 @@ resource "kubernetes_manifest" "generate_resourcequota_by_tier" {
hard = {
"requests.cpu" = "8"
"requests.memory" = "8Gi"
"limits.cpu" = "32"
"limits.memory" = "64Gi"
pods = "100"
}
@ -566,7 +553,6 @@ resource "kubernetes_manifest" "generate_resourcequota_by_tier" {
hard = {
"requests.cpu" = "4"
"requests.memory" = "4Gi"
"limits.cpu" = "16"
"limits.memory" = "32Gi"
pods = "30"
}
@ -615,7 +601,6 @@ resource "kubernetes_manifest" "generate_resourcequota_by_tier" {
hard = {
"requests.cpu" = "8"
"requests.memory" = "8Gi"
"limits.cpu" = "16"
"limits.memory" = "32Gi"
pods = "40"
}
@ -664,7 +649,6 @@ resource "kubernetes_manifest" "generate_resourcequota_by_tier" {
hard = {
"requests.cpu" = "4"
"requests.memory" = "4Gi"
"limits.cpu" = "16"
"limits.memory" = "32Gi"
pods = "30"
}
@ -713,7 +697,6 @@ resource "kubernetes_manifest" "generate_resourcequota_by_tier" {
hard = {
"requests.cpu" = "2"
"requests.memory" = "2Gi"
"limits.cpu" = "8"
"limits.memory" = "16Gi"
pods = "20"
}
@ -920,3 +903,91 @@ resource "kubernetes_manifest" "mutate_ndots" {
}
}
}
# -----------------------------------------------------------------------------
# Layer 5: GPU Node Toleration for Critical Services (Kyverno Mutate)
# -----------------------------------------------------------------------------
# Adds nvidia.com/gpu toleration to pods in tier-0 and tier-1 namespaces.
# This allows critical infrastructure to overflow onto the GPU node (k8s-node1)
# during N-1 scenarios, giving the scheduler ~14 GiB extra capacity.
# GPU workloads won't be preempted this just makes the node eligible.
resource "kubernetes_manifest" "mutate_gpu_toleration_critical" {
manifest = {
apiVersion = "kyverno.io/v1"
kind = "ClusterPolicy"
metadata = {
name = "gpu-toleration-critical-tiers"
annotations = {
"policies.kyverno.io/title" = "GPU Toleration for Critical Tiers"
"policies.kyverno.io/description" = "Adds nvidia.com/gpu toleration to pods in tier-0-core and tier-1-cluster namespaces so they can overflow onto the GPU node during N-1 failures."
}
}
spec = {
rules = [
{
name = "add-gpu-toleration-tier-0"
match = {
any = [
{
resources = {
kinds = ["Pod"]
operations = ["CREATE"]
namespaceSelector = {
matchLabels = {
tier = "0-core"
}
}
}
}
]
}
mutate = {
patchStrategicMerge = {
spec = {
tolerations = [
{
key = "nvidia.com/gpu"
operator = "Exists"
effect = "NoSchedule"
}
]
}
}
}
},
{
name = "add-gpu-toleration-tier-1"
match = {
any = [
{
resources = {
kinds = ["Pod"]
operations = ["CREATE"]
namespaceSelector = {
matchLabels = {
tier = "1-cluster"
}
}
}
}
]
}
mutate = {
patchStrategicMerge = {
spec = {
tolerations = [
{
key = "nvidia.com/gpu"
operator = "Exists"
effect = "NoSchedule"
}
]
}
}
}
},
]
}
}
}

2
stacks/platform/modules/mailserver/main.tf
View file

@ -365,7 +365,6 @@ resource "kubernetes_deployment" "mailserver" {
memory = "128Mi"
}
limits = {
cpu = "500m"
memory = "512Mi"
}
}
@ -395,7 +394,6 @@ resource "kubernetes_deployment" "mailserver" {
memory = "16Mi"
}
limits = {
cpu = "100m"
memory = "64Mi"
}
}

2
stacks/platform/modules/mailserver/roundcubemail.tf
View file

@ -1,5 +1,5 @@
variable "roundcube_db_password" {
type = string
type = string
sensitive = true
}
variable "mysql_host" { type = string }

1
stacks/platform/modules/monitoring/alloy.yaml
View file

@ -204,5 +204,4 @@ controller:
cpu: 50m
memory: 512Mi
limits:
cpu: 200m
memory: 1Gi

1
stacks/platform/modules/monitoring/caretta.tf
View file

@ -32,7 +32,6 @@ resource "helm_release" "caretta" {
memory = "300Mi"
}
limits = {
cpu = "200m"
memory = "512Mi"
}
}

1
stacks/platform/modules/monitoring/goflow2.tf
View file

@ -43,7 +43,6 @@ resource "kubernetes_deployment" "goflow2" {
memory = "64Mi"
}
limits = {
cpu = "200m"
memory = "256Mi"
}
}

1
stacks/platform/modules/monitoring/grafana_chart_values.yaml
View file

@ -7,7 +7,6 @@ resources:
cpu: 50m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
topologySpreadConstraints:
- maxSkew: 1

1
stacks/platform/modules/monitoring/loki.yaml
View file

@ -72,7 +72,6 @@ singleBinary:
cpu: 250m
memory: 2Gi
limits:
cpu: "1"
memory: 4Gi
# Zero out replica counts of other deployment modes

13
stacks/platform/modules/monitoring/main.tf
View file

@ -7,28 +7,28 @@ variable "idrac_username" {
default = "root"
}
variable "idrac_password" {
default = "calvin"
default = "calvin"
sensitive = true
}
variable "alertmanager_slack_api_url" {}
variable "tiny_tuya_service_secret" {
type = string
type = string
sensitive = true
}
variable "haos_api_token" {
type = string
type = string
sensitive = true
}
variable "pve_password" {
type = string
type = string
sensitive = true
}
variable "grafana_db_password" {
type = string
type = string
sensitive = true
}
variable "grafana_admin_password" {
type = string
type = string
sensitive = true
}
variable "tier" { type = string }
@ -211,7 +211,6 @@ resource "kubernetes_resource_quota" "monitoring" {
hard = {
"requests.cpu" = "16"
"requests.memory" = "16Gi"
"limits.cpu" = "64"
"limits.memory" = "64Gi"
pods = "100"
}

6
stacks/platform/modules/nfs-csi/main.tf
View file

@ -22,16 +22,16 @@ resource "helm_release" "nfs_csi_driver" {
values = [yamlencode({
controller = {
replicas = 1
replicas = 2
resources = {
requests = { cpu = "10m", memory = "32Mi" }
limits = { cpu = "100m", memory = "128Mi" }
limits = { memory = "128Mi" }
}
}
node = {
resources = {
requests = { cpu = "10m", memory = "32Mi" }
limits = { cpu = "100m", memory = "128Mi" }
limits = { memory = "128Mi" }
}
}
storageClass = {

2
stacks/platform/modules/nvidia/main.tf
View file

@ -25,7 +25,6 @@ resource "kubernetes_resource_quota" "nvidia_quota" {
}
spec {
hard = {
"limits.cpu" = "32"
"limits.memory" = "48Gi"
"requests.cpu" = "8"
"requests.memory" = "8Gi"
@ -618,7 +617,6 @@ resource "kubernetes_daemonset" "gpu_pod_exporter" {
memory = "128Mi"
}
limits = {
cpu = "200m"
memory = "256Mi"
"nvidia.com/gpu" = "1"
}

2
stacks/platform/modules/rbac/main.tf
View file

@ -9,7 +9,6 @@ variable "k8s_users" {
quota = optional(object({
cpu_requests = optional(string, "2")
memory_requests = optional(string, "4Gi")
cpu_limits = optional(string, "4")
memory_limits = optional(string, "8Gi")
pods = optional(string, "20")
}), {})
@ -225,7 +224,6 @@ resource "kubernetes_resource_quota" "user_namespace_quota" {
hard = {
"requests.cpu" = each.value.quota.cpu_requests
"requests.memory" = each.value.quota.memory_requests
"limits.cpu" = each.value.quota.cpu_limits
"limits.memory" = each.value.quota.memory_limits
"pods" = each.value.quota.pods
}

4
stacks/platform/modules/redis/main.tf
View file

@ -51,7 +51,6 @@ resource "helm_release" "redis" {
memory = "64Mi"
}
limits = {
cpu = "200m"
memory = "128Mi"
}
}
@ -70,7 +69,6 @@ resource "helm_release" "redis" {
memory = "64Mi"
}
limits = {
cpu = "500m"
memory = "256Mi"
}
}
@ -91,7 +89,6 @@ resource "helm_release" "redis" {
memory = "64Mi"
}
limits = {
cpu = "500m"
memory = "256Mi"
}
}
@ -205,7 +202,6 @@ resource "kubernetes_deployment" "haproxy" {
memory = "16Mi"
}
limits = {
cpu = "100m"
memory = "32Mi"
}
}

88
stacks/platform/modules/reverse_proxy/main.tf
View file

@ -73,16 +73,16 @@ module "nas" {
# https://files.viktorbarzin.me/
module "nas-files" {
source = "./factory"
name = "files"
external_name = "nas.viktorbarzin.lan"
port = 5001
tls_secret_name = var.tls_secret_name
backend_protocol = "HTTPS"
protected = false # allow anyone to download files
ingress_path = ["/sharing", "/scripts", "/webman", "/wfmlogindialog.js", "/fsdownload"]
max_body_size = "0m"
depends_on = [kubernetes_namespace.reverse-proxy]
source = "./factory"
name = "files"
external_name = "nas.viktorbarzin.lan"
port = 5001
tls_secret_name = var.tls_secret_name
backend_protocol = "HTTPS"
protected = false # allow anyone to download files
ingress_path = ["/sharing", "/scripts", "/webman", "/wfmlogindialog.js", "/fsdownload"]
max_body_size = "0m"
depends_on = [kubernetes_namespace.reverse-proxy]
extra_annotations = { "gethomepage.dev/enabled" = "false" }
}
@ -103,7 +103,7 @@ module "idrac" {
"gethomepage.dev/group" = "Infrastructure"
"gethomepage.dev/pod-selector" = ""
}
depends_on = [kubernetes_namespace.reverse-proxy]
depends_on = [kubernetes_namespace.reverse-proxy]
}
# Can either listen on https or http; can't do both :/
@ -197,24 +197,24 @@ module "docker-registry-ui" {
extra_annotations = {
# Override middleware chain to remove rate-limit; the UI fires many API calls to list repos/tags
"traefik.ingress.kubernetes.io/router.middlewares" = "traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd"
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Docker Registry"
"gethomepage.dev/description" = "Container registry"
"gethomepage.dev/icon" = "docker.png"
"gethomepage.dev/group" = "Infrastructure"
"gethomepage.dev/pod-selector" = ""
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Docker Registry"
"gethomepage.dev/description" = "Container registry"
"gethomepage.dev/icon" = "docker.png"
"gethomepage.dev/group" = "Infrastructure"
"gethomepage.dev/pod-selector" = ""
}
}
# https://valchedrym.viktorbarzin.me/
module "valchedrym" {
source = "./factory"
name = "valchedrym"
external_name = "valchedrym.viktorbarzin.lan"
tls_secret_name = var.tls_secret_name
port = 80
backend_protocol = "HTTP"
depends_on = [kubernetes_namespace.reverse-proxy]
source = "./factory"
name = "valchedrym"
external_name = "valchedrym.viktorbarzin.lan"
tls_secret_name = var.tls_secret_name
port = 80
backend_protocol = "HTTP"
depends_on = [kubernetes_namespace.reverse-proxy]
extra_annotations = { "gethomepage.dev/enabled" = "false" }
}
@ -235,12 +235,12 @@ module "valchedrym" {
# https://mladost3.viktorbarzin.me/
module "mladost3" {
source = "./factory"
name = "mladost3"
external_name = "mladost3.ddns.net"
port = 8080
tls_secret_name = var.tls_secret_name
depends_on = [kubernetes_namespace.reverse-proxy]
source = "./factory"
name = "mladost3"
external_name = "mladost3.ddns.net"
port = 8080
tls_secret_name = var.tls_secret_name
depends_on = [kubernetes_namespace.reverse-proxy]
extra_annotations = { "gethomepage.dev/enabled" = "false" }
}
@ -318,13 +318,13 @@ module "london" {
}
}
module "pi-lights" {
source = "./factory"
name = "pi"
external_name = "ha-london.viktorbarzin.lan"
port = 5000
tls_secret_name = var.tls_secret_name
protected = true
depends_on = [kubernetes_namespace.reverse-proxy]
source = "./factory"
name = "pi"
external_name = "ha-london.viktorbarzin.lan"
port = 5000
tls_secret_name = var.tls_secret_name
protected = true
depends_on = [kubernetes_namespace.reverse-proxy]
extra_annotations = { "gethomepage.dev/enabled" = "false" }
}
@ -345,12 +345,12 @@ module "pi-lights" {
# }
module "mbp14" {
source = "./factory"
name = "mbp14"
external_name = "mbp14.viktorbarzin.lan"
port = 4020
tls_secret_name = var.tls_secret_name
protected = true
depends_on = [kubernetes_namespace.reverse-proxy]
source = "./factory"
name = "mbp14"
external_name = "mbp14.viktorbarzin.lan"
port = 4020
tls_secret_name = var.tls_secret_name
protected = true
depends_on = [kubernetes_namespace.reverse-proxy]
extra_annotations = { "gethomepage.dev/enabled" = "false" }
}

1
stacks/platform/modules/sealed-secrets/main.tf
View file

@ -38,7 +38,6 @@ resource "helm_release" "sealed_secrets" {
memory = "64Mi"
}
limits = {
cpu = "250m"
memory = "256Mi"
}
}

1
stacks/platform/modules/technitium/ha.tf
View file

@ -109,7 +109,6 @@ resource "kubernetes_deployment" "technitium_secondary" {
memory = "128Mi"
}
limits = {
cpu = "500m"
memory = "512Mi"
}
}

3
stacks/platform/modules/technitium/main.tf
View file

@ -6,7 +6,7 @@ variable "nfs_server" { type = string }
variable "mysql_host" { type = string }
variable "technitium_username" { type = string }
variable "technitium_password" {
type = string
type = string
sensitive = true
}
@ -169,7 +169,6 @@ resource "kubernetes_deployment" "technitium" {
memory = "128Mi"
}
limits = {
cpu = "500m"
memory = "512Mi"
}
}

4
stacks/platform/modules/traefik/main.tf
View file

@ -1,6 +1,6 @@
variable "tier" { type = string }
variable "crowdsec_api_key" {
type = string
type = string
sensitive = true
}
variable "redis_host" { type = string }
@ -394,7 +394,6 @@ resource "kubernetes_deployment" "bot_block_proxy" {
memory = "32Mi"
}
limits = {
cpu = "50m"
memory = "128Mi"
}
}
@ -583,7 +582,6 @@ resource "kubernetes_deployment" "auth_proxy" {
memory = "32Mi"
}
limits = {
cpu = "50m"
memory = "128Mi"
}
}

1
stacks/platform/modules/uptime-kuma/main.tf
View file

@ -71,7 +71,6 @@ resource "kubernetes_deployment" "uptime-kuma" {
memory = "64Mi"
}
limits = {
cpu = "500m"
memory = "512Mi"
}
}

1
stacks/platform/modules/vaultwarden/main.tf
View file

@ -68,7 +68,6 @@ resource "kubernetes_deployment" "vaultwarden" {
memory = "32Mi"
}
limits = {
cpu = "100m"
memory = "256Mi"
}
}

2
stacks/platform/modules/vpa/main.tf
View file

@ -1,5 +1,5 @@
variable "tls_secret_name" {
type = string
type = string
sensitive = true
}
variable "tier" { type = string }

2
stacks/platform/modules/wireguard/main.tf
View file

@ -147,7 +147,6 @@ resource "kubernetes_deployment" "wireguard" {
memory = "16Mi"
}
limits = {
cpu = "100m"
memory = "128Mi"
}
}
@ -178,7 +177,6 @@ resource "kubernetes_deployment" "wireguard" {
memory = "16Mi"
}
limits = {
cpu = "50m"
memory = "64Mi"
}
}

3
stacks/platform/modules/xray/main.tf
View file

@ -2,7 +2,7 @@ variable "tls_secret_name" {}
variable "tier" { type = string }
variable "xray_reality_clients" { type = list(map(string)) }
variable "xray_reality_private_key" {
type = string
type = string
sensitive = true
}
variable "xray_reality_short_ids" { type = list(string) }
@ -123,7 +123,6 @@ resource "kubernetes_deployment" "xray" {
memory = "32Mi"
}
limits = {
cpu = "100m"
memory = "128Mi"
}
}