From f64c979ba5ad0e81a3a45bb830b33d65673c8ac1 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sat, 28 Feb 2026 21:59:08 +0000 Subject: [PATCH] [ci skip] tune resource limits and requests across 10 services MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Critical OOM fixes (add/increase limits): - netbox: add 512Mi limit (was at 98.8% of Kyverno default 256Mi) - speedtest: add 512Mi limit (was at 80.9%) - meshcentral: add 384Mi limit (was at 72.7%) - ytdlp: uncomment resources, set 512Mi limit (was at 74.6%) Over-provisioned (reduce limits): - dashy: 2Gi → 512Mi (was using 135Mi) - redis master: 2Gi → 256Mi (was using 14Mi) - redis replica: 1Gi → 256Mi (was using 12Mi) - resume printer: 2Gi → 512Mi (was using 108Mi) - resume app: 1Gi → 384Mi (was using 125Mi) - openclaw: 4Gi → 1Gi (was using 372Mi) Under-provisioned requests (increase): - authentik server: 256Mi → 512Mi request (actual ~560Mi) - authentik worker: 256Mi → 384Mi request (actual ~400Mi) New explicit resources (previously Kyverno defaults): - forgejo: add 512Mi limit, 64Mi request --- stacks/dashy/main.tf | 8 +++--- stacks/forgejo/main.tf | 10 +++++++ stacks/meshcentral/main.tf | 10 +++++++ stacks/netbox/main.tf | 10 +++++++ stacks/openclaw/main.tf | 4 +-- stacks/platform/modules/authentik/values.yaml | 4 +-- stacks/platform/modules/redis/main.tf | 22 ++++++++-------- stacks/resume/main.tf | 16 ++++++------ stacks/speedtest/main.tf | 10 +++++++ stacks/ytdlp/main.tf | 26 +++++++++---------- 10 files changed, 80 insertions(+), 40 deletions(-) diff --git a/stacks/dashy/main.tf b/stacks/dashy/main.tf index 1830b515..97803093 100644 --- a/stacks/dashy/main.tf +++ b/stacks/dashy/main.tf @@ -67,12 +67,12 @@ resource "kubernetes_deployment" "dashy" { resources { requests = { - cpu = "50m" - memory = "256Mi" + cpu = "15m" + memory = "64Mi" } limits = { - cpu = "1" - memory = "2Gi" + cpu = "500m" + memory = "512Mi" } } port { diff --git a/stacks/forgejo/main.tf b/stacks/forgejo/main.tf index 5852d346..884a9ac0 100644 --- a/stacks/forgejo/main.tf +++ b/stacks/forgejo/main.tf @@ -59,6 +59,16 @@ resource "kubernetes_deployment" "forgejo" { name = "data" mount_path = "/data" } + resources { + requests = { + cpu = "15m" + memory = "64Mi" + } + limits = { + cpu = "500m" + memory = "512Mi" + } + } port { name = "http" container_port = 3000 diff --git a/stacks/meshcentral/main.tf b/stacks/meshcentral/main.tf index ba777b51..2749797e 100644 --- a/stacks/meshcentral/main.tf +++ b/stacks/meshcentral/main.tf @@ -89,6 +89,16 @@ resource "kubernetes_deployment" "meshcentral" { name = "files" mount_path = "/opt/meshcentral/meshcentral-files" } + resources { + requests = { + cpu = "15m" + memory = "64Mi" + } + limits = { + cpu = "500m" + memory = "384Mi" + } + } volume_mount { name = "backups" mount_path = "/opt/meshcentral/meshcentral-backups" diff --git a/stacks/netbox/main.tf b/stacks/netbox/main.tf index 457ab7e0..f3614440 100644 --- a/stacks/netbox/main.tf +++ b/stacks/netbox/main.tf @@ -131,6 +131,16 @@ resource "kubernetes_deployment" "netbox" { value = "Europe/Sofia" } + resources { + requests = { + cpu = "25m" + memory = "64Mi" + } + limits = { + cpu = "1" + memory = "512Mi" + } + } port { container_port = 8080 } diff --git a/stacks/openclaw/main.tf b/stacks/openclaw/main.tf index ede9990e..701a4656 100644 --- a/stacks/openclaw/main.tf +++ b/stacks/openclaw/main.tf @@ -403,10 +403,10 @@ resource "kubernetes_deployment" "openclaw" { } resources { limits = { - memory = "4Gi" + memory = "1Gi" } requests = { - memory = "256Mi" + memory = "64Mi" } } } diff --git a/stacks/platform/modules/authentik/values.yaml b/stacks/platform/modules/authentik/values.yaml index eb0f5c0f..55b56e68 100644 --- a/stacks/platform/modules/authentik/values.yaml +++ b/stacks/platform/modules/authentik/values.yaml @@ -20,7 +20,7 @@ server: resources: requests: cpu: 100m - memory: 256Mi + memory: 512Mi limits: cpu: "2" memory: 1Gi @@ -39,7 +39,7 @@ worker: resources: requests: cpu: 50m - memory: 256Mi + memory: 384Mi limits: cpu: "1" memory: 1Gi diff --git a/stacks/platform/modules/redis/main.tf b/stacks/platform/modules/redis/main.tf index c344119b..ef36d70a 100644 --- a/stacks/platform/modules/redis/main.tf +++ b/stacks/platform/modules/redis/main.tf @@ -40,10 +40,10 @@ resource "helm_release" "redis" { } sentinel = { - enabled = true - quorum = 2 - masterSet = "mymaster" - automateCluster = true + enabled = true + quorum = 2 + masterSet = "mymaster" + automateCluster = true resources = { requests = { @@ -66,12 +66,12 @@ resource "helm_release" "redis" { resources = { requests = { - cpu = "200m" - memory = "512Mi" + cpu = "100m" + memory = "64Mi" } limits = { - cpu = "1" - memory = "2Gi" + cpu = "500m" + memory = "256Mi" } } } @@ -87,12 +87,12 @@ resource "helm_release" "redis" { resources = { requests = { - cpu = "100m" - memory = "256Mi" + cpu = "50m" + memory = "64Mi" } limits = { cpu = "500m" - memory = "1Gi" + memory = "256Mi" } } } diff --git a/stacks/resume/main.tf b/stacks/resume/main.tf index 94661a17..cf0b09ca 100644 --- a/stacks/resume/main.tf +++ b/stacks/resume/main.tf @@ -73,12 +73,12 @@ resource "kubernetes_deployment" "printer" { resources { requests = { - memory = "256Mi" - cpu = "100m" + memory = "128Mi" + cpu = "50m" } limits = { - memory = "2Gi" - cpu = "2" + memory = "512Mi" + cpu = "1" } } @@ -221,12 +221,12 @@ resource "kubernetes_deployment" "resume" { resources { requests = { - memory = "256Mi" - cpu = "100m" + memory = "128Mi" + cpu = "25m" } limits = { - memory = "1Gi" - cpu = "1" + memory = "384Mi" + cpu = "500m" } } diff --git a/stacks/speedtest/main.tf b/stacks/speedtest/main.tf index 35cffd4b..14970393 100644 --- a/stacks/speedtest/main.tf +++ b/stacks/speedtest/main.tf @@ -101,6 +101,16 @@ resource "kubernetes_deployment" "speedtest" { name = "APP_TIMEZONE" value = "Europe/Sofia" } + resources { + requests = { + cpu = "25m" + memory = "64Mi" + } + limits = { + cpu = "500m" + memory = "512Mi" + } + } volume_mount { name = "config" mount_path = "/config" diff --git a/stacks/ytdlp/main.tf b/stacks/ytdlp/main.tf index a59cdbd8..0677055c 100644 --- a/stacks/ytdlp/main.tf +++ b/stacks/ytdlp/main.tf @@ -56,16 +56,16 @@ resource "kubernetes_deployment" "ytdlp" { container { image = "tzahi12345/youtubedl-material:nightly" name = "ytdlp" - # resources { - # limits = { - # cpu = "1" - # memory = "1Gi" - # } - # requests = { - # cpu = "1" - # memory = "1Gi" - # } - # } + resources { + requests = { + cpu = "25m" + memory = "128Mi" + } + limits = { + cpu = "500m" + memory = "512Mi" + } + } port { container_port = 17442 } @@ -190,9 +190,9 @@ resource "kubernetes_deployment" "yt_highlights" { "gpu" : "true" } toleration { - key = "nvidia.com/gpu" - value = "true" - effect = "NoSchedule" + key = "nvidia.com/gpu" + value = "true" + effect = "NoSchedule" } container { name = "yt-highlights"