viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

[ci skip] tune resource limits and requests across 10 services

Browse source 
Critical OOM fixes (add/increase limits):
- netbox: add 512Mi limit (was at 98.8% of Kyverno default 256Mi)
- speedtest: add 512Mi limit (was at 80.9%)
- meshcentral: add 384Mi limit (was at 72.7%)
- ytdlp: uncomment resources, set 512Mi limit (was at 74.6%)

Over-provisioned (reduce limits):
- dashy: 2Gi → 512Mi (was using 135Mi)
- redis master: 2Gi → 256Mi (was using 14Mi)
- redis replica: 1Gi → 256Mi (was using 12Mi)
- resume printer: 2Gi → 512Mi (was using 108Mi)
- resume app: 1Gi → 384Mi (was using 125Mi)
- openclaw: 4Gi → 1Gi (was using 372Mi)

Under-provisioned requests (increase):
- authentik server: 256Mi → 512Mi request (actual ~560Mi)
- authentik worker: 256Mi → 384Mi request (actual ~400Mi)

New explicit resources (previously Kyverno defaults):
- forgejo: add 512Mi limit, 64Mi request
This commit is contained in:
Viktor Barzin 2026-02-28 21:59:08 +00:00
parent ac482b5324
commit f64c979ba5
10 changed files with 80 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

8
stacks/dashy/main.tf
View file

@ -67,12 +67,12 @@ resource "kubernetes_deployment" "dashy" {
resources { resources {
requests = { requests = {
cpu = "50m" cpu = "15m"
memory = "256Mi" memory = "64Mi"
} }
limits = { limits = {
cpu = "1" cpu = "500m"
memory = "2Gi" memory = "512Mi"
} }
} }
port { port {

10
stacks/forgejo/main.tf
View file

@ -59,6 +59,16 @@ resource "kubernetes_deployment" "forgejo" {
name = "data" name = "data"
mount_path = "/data" mount_path = "/data"
} }
resources {
requests = {
cpu = "15m"
memory = "64Mi"
}
limits = {
cpu = "500m"
memory = "512Mi"
}
}
port { port {
name = "http" name = "http"
container_port = 3000 container_port = 3000

10
stacks/meshcentral/main.tf
View file

@ -89,6 +89,16 @@ resource "kubernetes_deployment" "meshcentral" {
name = "files" name = "files"
mount_path = "/opt/meshcentral/meshcentral-files" mount_path = "/opt/meshcentral/meshcentral-files"
} }
resources {
requests = {
cpu = "15m"
memory = "64Mi"
}
limits = {
cpu = "500m"
memory = "384Mi"
}
}
volume_mount { volume_mount {
name = "backups" name = "backups"
mount_path = "/opt/meshcentral/meshcentral-backups" mount_path = "/opt/meshcentral/meshcentral-backups"

10
stacks/netbox/main.tf
View file

@ -131,6 +131,16 @@ resource "kubernetes_deployment" "netbox" {
value = "Europe/Sofia" value = "Europe/Sofia"
} }
resources {
requests = {
cpu = "25m"
memory = "64Mi"
}
limits = {
cpu = "1"
memory = "512Mi"
}
}
port { port {
container_port = 8080 container_port = 8080
} }

4
stacks/openclaw/main.tf
View file

@ -403,10 +403,10 @@ resource "kubernetes_deployment" "openclaw" {
} }
resources { resources {
limits = { limits = {
memory = "4Gi" memory = "1Gi"
} }
requests = { requests = {
memory = "256Mi" memory = "64Mi"
} }
} }
} }

4
stacks/platform/modules/authentik/values.yaml
View file

@ -20,7 +20,7 @@ server:
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
memory: 256Mi memory: 512Mi
limits: limits:
cpu: "2" cpu: "2"
memory: 1Gi memory: 1Gi
@ -39,7 +39,7 @@ worker:
resources: resources:
requests: requests:
cpu: 50m cpu: 50m
memory: 256Mi memory: 384Mi
limits: limits:
cpu: "1" cpu: "1"
memory: 1Gi memory: 1Gi

22
stacks/platform/modules/redis/main.tf
View file

@ -40,10 +40,10 @@ resource "helm_release" "redis" {
} }
sentinel = { sentinel = {
enabled = true enabled = true
quorum = 2 quorum = 2
masterSet = "mymaster" masterSet = "mymaster"
automateCluster = true automateCluster = true
resources = { resources = {
requests = { requests = {
@ -66,12 +66,12 @@ resource "helm_release" "redis" {
resources = { resources = {
requests = { requests = {
cpu = "200m" cpu = "100m"
memory = "512Mi" memory = "64Mi"
} }
limits = { limits = {
cpu = "1" cpu = "500m"
memory = "2Gi" memory = "256Mi"
} }
} }
} }
@ -87,12 +87,12 @@ resource "helm_release" "redis" {
resources = { resources = {
requests = { requests = {
cpu = "100m" cpu = "50m"
memory = "256Mi" memory = "64Mi"
} }
limits = { limits = {
cpu = "500m" cpu = "500m"
memory = "1Gi" memory = "256Mi"
} }
} }
} }

16
stacks/resume/main.tf
View file

@ -73,12 +73,12 @@ resource "kubernetes_deployment" "printer" {
resources { resources {
requests = { requests = {
memory = "256Mi" memory = "128Mi"
cpu = "100m" cpu = "50m"
} }
limits = { limits = {
memory = "2Gi" memory = "512Mi"
cpu = "2" cpu = "1"
} }
} }
@ -221,12 +221,12 @@ resource "kubernetes_deployment" "resume" {
resources { resources {
requests = { requests = {
memory = "256Mi" memory = "128Mi"
cpu = "100m" cpu = "25m"
} }
limits = { limits = {
memory = "1Gi" memory = "384Mi"
cpu = "1" cpu = "500m"
} }
} }

10
stacks/speedtest/main.tf
View file

@ -101,6 +101,16 @@ resource "kubernetes_deployment" "speedtest" {
name = "APP_TIMEZONE" name = "APP_TIMEZONE"
value = "Europe/Sofia" value = "Europe/Sofia"
} }
resources {
requests = {
cpu = "25m"
memory = "64Mi"
}
limits = {
cpu = "500m"
memory = "512Mi"
}
}
volume_mount { volume_mount {
name = "config" name = "config"
mount_path = "/config" mount_path = "/config"

26
stacks/ytdlp/main.tf
View file

@ -56,16 +56,16 @@ resource "kubernetes_deployment" "ytdlp" {
container { container {
image = "tzahi12345/youtubedl-material:nightly" image = "tzahi12345/youtubedl-material:nightly"
name = "ytdlp" name = "ytdlp"
# resources { resources {
# limits = { requests = {
# cpu = "1" cpu = "25m"
# memory = "1Gi" memory = "128Mi"
# } }
# requests = { limits = {
# cpu = "1" cpu = "500m"
# memory = "1Gi" memory = "512Mi"
# } }
# } }
port { port {
container_port = 17442 container_port = 17442
} }
@ -190,9 +190,9 @@ resource "kubernetes_deployment" "yt_highlights" {
"gpu" : "true" "gpu" : "true"
} }
toleration { toleration {
key = "nvidia.com/gpu" key = "nvidia.com/gpu"
value = "true" value = "true"
effect = "NoSchedule" effect = "NoSchedule"
} }
container { container {
name = "yt-highlights" name = "yt-highlights"