f64c979ba5
Critical OOM fixes (add/increase limits): - netbox: add 512Mi limit (was at 98.8% of Kyverno default 256Mi) - speedtest: add 512Mi limit (was at 80.9%) - meshcentral: add 384Mi limit (was at 72.7%) - ytdlp: uncomment resources, set 512Mi limit (was at 74.6%) Over-provisioned (reduce limits): - dashy: 2Gi → 512Mi (was using 135Mi) - redis master: 2Gi → 256Mi (was using 14Mi) - redis replica: 1Gi → 256Mi (was using 12Mi) - resume printer: 2Gi → 512Mi (was using 108Mi) - resume app: 1Gi → 384Mi (was using 125Mi) - openclaw: 4Gi → 1Gi (was using 372Mi) Under-provisioned requests (increase): - authentik server: 256Mi → 512Mi request (actual ~560Mi) - authentik worker: 256Mi → 384Mi request (actual ~400Mi) New explicit resources (previously Kyverno defaults): - forgejo: add 512Mi limit, 64Mi request
45 lines
963 B
YAML
45 lines
963 B
YAML
authentik:
|
|
log_level: warning
|
|
# log_level: trace
|
|
secret_key: "${secret_key}"
|
|
# This sends anonymous usage-data, stack traces on errors and
|
|
# performance data to authentik.error-reporting.a7k.io, and is fully opt-in
|
|
error_reporting:
|
|
enabled: true
|
|
postgresql:
|
|
# host: postgresql.dbaas
|
|
host: pgbouncer.authentik
|
|
port: 6432
|
|
user: authentik
|
|
password: ${postgres_password}
|
|
redis:
|
|
host: ${redis_host}
|
|
|
|
server:
|
|
replicas: 3
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 512Mi
|
|
limits:
|
|
cpu: "2"
|
|
memory: 1Gi
|
|
ingress:
|
|
enabled: false
|
|
# hosts:
|
|
# - authentik.viktorbarzin.me
|
|
podAnnotations:
|
|
diun.enable: true
|
|
diun.include_tags: "^202[0-9].[0-9]+.*$" # no need to annotate the worker as it uses the same image
|
|
global:
|
|
addPrometheusAnnotations: true
|
|
|
|
worker:
|
|
replicas: 3
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 384Mi
|
|
limits:
|
|
cpu: "1"
|
|
memory: 1Gi
|