viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cluster health fixes: NFS CSI, Immich ML, dbaas, Redis, DNS, trading-bot removal

Browse source 
- NFS CSI: fix liveness-probe port conflict (29652 → 29653)
- Immich ML: add gpu-workload priority class to enable preemption on node1
- dbaas: right-size MySQL memory limits (sidecar 6Gi→350Mi, main 4Gi→3Gi)
- Redis: add redis-master service via HAProxy for master-only routing,
  update config.tfvars redis_host to use it
- CoreDNS: forward .viktorbarzin.lan to Technitium ClusterIP (10.96.0.53)
  instead of stale LoadBalancer IP (10.0.20.200)
- Trading bot: comment out all resources (no longer needed)
- Vault: remove trading-bot PostgreSQL database role
This commit is contained in:
Viktor Barzin 2026-04-06 11:54:45 +03:00
parent 0115320d72
commit f80e1fa868
10 changed files with 115 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

8
stacks/vault/main.tf
View file

@ -189,7 +189,7 @@ resource "vault_policy" "sops_admin" {
policy = <<-EOT
path "transit/encrypt/sops-state-*" { capabilities = ["update"] }
path "transit/decrypt/sops-state-*" { capabilities = ["update"] }
path "transit/keys/sops-state-*" { capabilities = ["read"] }
path "transit/keys/sops-state-*" { capabilities = ["create", "read", "update"] }
EOT
}
@ -481,7 +481,8 @@ resource "vault_database_secret_backend_connection" "postgresql" {
backend = vault_mount.database.path
name = "postgresql"
allowed_roles = [
"pg-trading", "pg-health", "pg-linkwarden",
# "pg-trading", # Commented out 2026-04-06 - trading-bot disabled
"pg-health", "pg-linkwarden",
"pg-affine", "pg-woodpecker", "pg-claude-memory"
]
@ -545,6 +546,8 @@ resource "vault_database_secret_backend_static_role" "mysql_grafana" {
# --- PostgreSQL Static Roles ---
/*
# Commented out 2026-04-06 - trading-bot disabled
resource "vault_database_secret_backend_static_role" "pg_trading" {
backend = vault_mount.database.path
db_name = vault_database_secret_backend_connection.postgresql.name
@ -552,6 +555,7 @@ resource "vault_database_secret_backend_static_role" "pg_trading" {
username = "trading"
rotation_period = 604800
}
*/
resource "vault_database_secret_backend_static_role" "pg_health" {
backend = vault_mount.database.path