viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks/platform/modules
History
Viktor Barzin d352d6e7f8 resource quota review: fix OOM risks, close quota gaps, add HA protections 
Phase 1 - OOM fixes:
- dashy: increase memory limit 512Mi→1Gi (was at 99% utilization)
- caretta DaemonSet: set explicit resources 300Mi/512Mi (was at 85-98%)
- mysql-operator: add Helm resource values 256Mi/512Mi, create namespace
  with tier label (was at 92% of LimitRange default)
- prowlarr, flaresolverr, annas-archive-stacks: add explicit resources
  (outgrowing 256Mi LimitRange defaults)
- real-estate-crawler celery: add resources 512Mi/3Gi (608Mi actual, no
  explicit resources)

Phase 2 - Close quota gaps:
- nvidia, real-estate-crawler, trading-bot: remove custom-quota=true
  labels so Kyverno generates tier-appropriate quotas
- descheduler: add tier=1-cluster label for proper classification

Phase 3 - Reduce excessive quotas:
- monitoring: limits.memory 240Gi→64Gi, limits.cpu 120→64
- woodpecker: limits.memory 128Gi→32Gi, limits.cpu 64→16
- GPU tier default: limits.memory 96Gi→32Gi, limits.cpu 48→16

Phase 4 - Kubelet protection:
- Add cpu: 200m to systemReserved and kubeReserved in kubelet template

Phase 5 - HA improvements:
- cloudflared: add topology spread (ScheduleAnyway) + PDB (maxUnavailable:1)
- grafana: add topology spread + PDB via Helm values
- crowdsec LAPI: add topology spread + PDB via Helm values
- authentik server: add topology spread via Helm values
- authentik worker: add topology spread + PDB via Helm values
2026-03-08 18:17:46 +00:00
..
authentik resource quota review: fix OOM risks, close quota gaps, add HA protections 2026-03-08 18:17:46 +00:00
cloudflared resource quota review: fix OOM risks, close quota gaps, add HA protections 2026-03-08 18:17:46 +00:00
cnpg [ci skip] install CloudNativePG operator as platform module 2026-02-28 17:22:53 +00:00
crowdsec resource quota review: fix OOM risks, close quota gaps, add HA protections 2026-03-08 18:17:46 +00:00
dbaas resource quota review: fix OOM risks, close quota gaps, add HA protections 2026-03-08 18:17:46 +00:00
headscale [ci skip] fix widget issues: ports, Immich v2 API, Nextcloud trusted domains 2026-03-07 20:39:56 +00:00
infra-maintenance [ci skip] iSCSI migration, healthcheck fixes, health probes, etcd backup 2026-03-06 19:54:21 +00:00
iscsi-csi [ci skip] iSCSI migration, healthcheck fixes, health probes, etcd backup 2026-03-06 19:54:21 +00:00
k8s-portal [ci skip] add Homepage gethomepage.dev annotations to all services 2026-03-07 20:39:54 +00:00
kyverno resource quota review: fix OOM risks, close quota gaps, add HA protections 2026-03-08 18:17:46 +00:00
mailserver [ci skip] add Homepage gethomepage.dev annotations to all services 2026-03-07 20:39:54 +00:00
metallb [ci skip] Move Terraform modules into stack directories 2026-02-22 14:38:14 +00:00
metrics-server [ci skip] Move Terraform modules into stack directories 2026-02-22 14:38:14 +00:00
monitoring resource quota review: fix OOM risks, close quota gaps, add HA protections 2026-03-08 18:17:46 +00:00
nfs-csi [ci skip] add NFS CSI driver + nfs_volume shared module 2026-03-01 23:38:58 +00:00
nvidia resource quota review: fix OOM risks, close quota gaps, add HA protections 2026-03-08 18:17:46 +00:00
rbac Woodpecker CI: use built-in clone, fix CoreDNS DNS resolution [CI SKIP] 2026-02-23 00:08:42 +00:00
redis [ci skip] migrate Redis, Prometheus, Loki storage to iSCSI 2026-03-06 20:50:55 +00:00
reverse_proxy [ci skip] fix pfSense widget: wan interface is vtnet0 not vmx0 2026-03-07 20:39:56 +00:00
technitium [ci skip] add Homepage gethomepage.dev annotations to all services 2026-03-07 20:39:54 +00:00
traefik [ci skip] add Homepage gethomepage.dev annotations to all services 2026-03-07 20:39:54 +00:00
uptime-kuma [ci skip] fix widget URLs: use correct k8s service ports 2026-03-07 20:39:56 +00:00
vaultwarden [ci skip] add Homepage gethomepage.dev annotations to all services 2026-03-07 20:39:54 +00:00
vpa [ci skip] fix Homepage icons for Tandoor, Listenarr, Networking Toolbox, Goldilocks 2026-03-07 21:29:51 +00:00
wireguard [ci skip] right-size all pod resources based on VPA + live metrics audit 2026-03-01 19:18:50 +00:00
xray [ci skip] phase 5+6: update CI pipelines for SOPS, add sensitive=true to secret vars 2026-03-07 14:30:36 +00:00