Remove all CPU limits cluster-wide to eliminate CFS throttling

CPU limits cause CFS throttling even when nodes have idle capacity. Move to a request-only CPU model: keep CPU requests for scheduling fairness but remove all CPU limits. Memory limits stay (incompressible). Changes across 108 files: - Kyverno LimitRange policy: remove cpu from default/max in all 6 tiers - Kyverno ResourceQuota policy: remove limits.cpu from all 5 tiers - Custom ResourceQuotas: remove limits.cpu from 8 namespace quotas - Custom LimitRanges: remove cpu from default/max (nextcloud, onlyoffice) - RBAC module: remove cpu_limits variable and quota reference - Freedify factory: remove cpu_limit variable and limits reference - 86 deployment files: remove cpu from all limits blocks - 6 Helm values files: remove cpu under limits sections
2026-03-14 08:51:45 +00:00 · 2026-03-14 08:51:45 +00:00 · b00f810d3d
commit b00f810d3d
parent 120f83ce93
108 changed files with 609 additions and 435 deletions
--- a/stacks/platform/modules/k8s-portal/main.tf
+++ b/stacks/platform/modules/k8s-portal/main.tf
@ -75,7 +75,6 @@ resource "kubernetes_deployment" "k8s_portal" {
              memory = "32Mi"
            }
            limits = {
-              cpu    = "100m"
              memory = "128Mi"
            }
          }
@ -131,14 +130,14 @@ module "ingress" {
  }
 }

-# Unprotected ingress for the setup script (needs to be curl-able without auth)
+# Unprotected ingress for the setup script and agent endpoint (needs to be curl-able without auth)
 module "ingress_setup_script" {
  source          = "../../../../modules/kubernetes/ingress_factory"
  namespace       = kubernetes_namespace.k8s_portal.metadata[0].name
  name            = "k8s-portal-setup"
  host            = "k8s-portal"
  service_name    = "k8s-portal"
-  ingress_path    = ["/setup/script"]
+  ingress_path    = ["/setup/script", "/agent"]
  tls_secret_name = var.tls_secret_name
  protected       = false
 }