[ci skip] Add tier labels to all namespace resources for Kyverno resource governance

Added `tier = var.tier` to kubernetes_namespace labels in ~73 service modules. This enables Kyverno to generate LimitRange defaults, ResourceQuotas, and PriorityClass injection for all namespaces. Previously only 11 namespaces had tier labels; now all 80 active namespaces are labeled. All pods restarted in rolling waves to pick up the new policies.
2026-02-21 23:38:05 +00:00 · 2026-02-21 23:38:05 +00:00 · d345841ef2
commit d345841ef2
parent 517f5d6a6c
66 changed files with 135 additions and 12 deletions
--- a/modules/kubernetes/drone/main.tf
+++ b/modules/kubernetes/drone/main.tf
@ -19,6 +19,7 @@ resource "kubernetes_namespace" "drone" {
    name = "drone"
    labels = {
      "resource-governance/custom-quota" = "true"
+      tier                               = var.tier
    }
  }
 }
@ -30,10 +31,10 @@ resource "kubernetes_resource_quota" "drone" {
  }
  spec {
    hard = {
-      "requests.cpu"    = "8"
-      "requests.memory" = "8Gi"
-      "limits.cpu"      = "16"
-      "limits.memory"   = "32Gi"
+      "requests.cpu"    = "16"
+      "requests.memory" = "16Gi"
+      "limits.cpu"      = "48"
+      "limits.memory"   = "96Gi"
      pods              = "30"
    }
  }