infra/stacks/speedtest/main.tf
Viktor Barzin f64c979ba5 [ci skip] tune resource limits and requests across 10 services
Critical OOM fixes (add/increase limits):
- netbox: add 512Mi limit (was at 98.8% of Kyverno default 256Mi)
- speedtest: add 512Mi limit (was at 80.9%)
- meshcentral: add 384Mi limit (was at 72.7%)
- ytdlp: uncomment resources, set 512Mi limit (was at 74.6%)

Over-provisioned (reduce limits):
- dashy: 2Gi → 512Mi (was using 135Mi)
- redis master: 2Gi → 256Mi (was using 14Mi)
- redis replica: 1Gi → 256Mi (was using 12Mi)
- resume printer: 2Gi → 512Mi (was using 108Mi)
- resume app: 1Gi → 384Mi (was using 125Mi)
- openclaw: 4Gi → 1Gi (was using 372Mi)

Under-provisioned requests (increase):
- authentik server: 256Mi → 512Mi request (actual ~560Mi)
- authentik worker: 256Mi → 384Mi request (actual ~400Mi)

New explicit resources (previously Kyverno defaults):
- forgejo: add 512Mi limit, 64Mi request
2026-02-28 21:59:08 +00:00


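# Name of the TLS secret; handed to the tls_secret and ingress modules in this stack.
variable "tls_secret_name" {
  type        = string
  description = "Name of the Kubernetes TLS secret used by the speedtest ingress."
}

# Database credential for the speedtest MySQL user (consumed as DB_PASSWORD).
variable "speedtest_db_password" {
  type        = string
  description = "Password for the speedtest MySQL user."
  # Redacts the value in plan/apply output. It is still stored in the
  # Terraform state, so the state backend must be access-controlled.
  sensitive = true
}

# Address of the NFS server that backs the /config volume.
variable "nfs_server" {
  type        = string
  description = "Hostname or IP of the NFS server exporting the speedtest config directory."
}

# Host of the MySQL instance (consumed as DB_HOST).
variable "mysql_host" {
  type        = string
  description = "Hostname of the MySQL server used by speedtest-tracker."
}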
# Dedicated namespace for every speedtest resource in this stack.
resource "kubernetes_namespace" "speedtest" {
  metadata {
    # Tier label value comes from local.tiers, which is declared outside this file view.
    labels = {
      tier = local.tiers.aux
    }

    name = "speedtest"
  }
}
# Provisions the TLS secret inside the speedtest namespace via the shared module.
module "tls_secret" {
  source = "../../modules/kubernetes/setup_tls_secret"

  tls_secret_name = var.tls_secret_name
  # Referencing the namespace resource (not a literal) makes Terraform create it first.
  namespace = kubernetes_namespace.speedtest.metadata[0].name
}
# Random material for the application's APP_KEY. The deployment in this file
# reads the b64_std attribute (base64 of these bytes) and prefixes it with "base64:".
# NOTE(review): random_id attributes are, as far as I know, not marked sensitive by
# the random provider, so the key can appear in plan output and is stored in state.
# Replacing the resource would generate a new key - confirm the impact on existing
# application data before changing it.
resource "random_id" "secret_key" {
byte_length = 32 # 32 random bytes = 256 bits; consumed as base64 (b64_std), not hex
}
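# Credentials for the speedtest container, kept in a Secret so that they are not
# written in clear text into the Deployment's pod template (readable by anyone
# who may get/describe deployments or pods in the namespace).
resource "kubernetes_secret" "speedtest_env" {
  metadata {
    name      = "speedtest-env"
    namespace = kubernetes_namespace.speedtest.metadata[0].name
  }

  # The provider base64-encodes these values for the API; pass them as plain strings.
  data = {
    APP_KEY     = "base64:${random_id.secret_key.b64_std}"
    DB_PASSWORD = var.speedtest_db_password
  }
}

# Single-replica speedtest-tracker deployment backed by MySQL and an NFS /config volume.
resource "kubernetes_deployment" "speedtest" {
  metadata {
    name      = "speedtest"
    namespace = kubernetes_namespace.speedtest.metadata[0].name
    labels = {
      app  = "speedtest"
      tier = local.tiers.aux
    }
  }

  spec {
    replicas = 1

    selector {
      match_labels = {
        app = "speedtest"
      }
    }

    template {
      metadata {
        labels = {
          app = "speedtest"
        }
      }

      spec {
        container {
          # NOTE(review): ":latest" is a mutable tag, so the running image can change
          # on any pod restart without a change in this file. Pin a release tag or an
          # image digest so upgrades are deliberate and reviewable.
          image = "lscr.io/linuxserver/speedtest-tracker:latest"
          name  = "speedtest"

          port {
            container_port = 80
          }

          env {
            name  = "PUID"
            value = 1000
          }
          env {
            name  = "PGID"
            value = 1000
          }
          # APP_KEY and DB_PASSWORD are injected from the Secret above instead of
          # being inlined. Pods read the Secret only at start-up: after rotating a
          # value, restart the rollout so the new value is picked up.
          env {
            name = "APP_KEY"
            value_from {
              secret_key_ref {
                name = kubernetes_secret.speedtest_env.metadata[0].name
                key  = "APP_KEY"
              }
            }
          }
          env {
            name  = "SPEEDTEST_SCHEDULE"
            value = "0 * * * *"
          }
          # env {
          #   name = "SPEEDTEST_SERVERS"
          #   # Sofia speedtest servers - https://c.speedtest.net/speedtest-servers-static.php
          #   value = "7617,17787,11348,37980,54640,27843,57118,10754,20191,29617"
          # }
          env {
            name  = "APP_URL"
            value = "https://speedtest.viktorbarzin.me"
          }
          env {
            name  = "DB_CONNECTION"
            value = "mysql"
          }
          env {
            name  = "DB_HOST"
            value = var.mysql_host
          }
          env {
            name  = "DB_DATABASE"
            value = "speedtest"
          }
          env {
            name  = "DB_USERNAME"
            value = "speedtest"
          }
          env {
            name = "DB_PASSWORD"
            value_from {
              secret_key_ref {
                name = kubernetes_secret.speedtest_env.metadata[0].name
                key  = "DB_PASSWORD"
              }
            }
          }
          env {
            name  = "APP_TIMEZONE"
            value = "Europe/Sofia"
          }

          # Explicit requests/limits; the commit message states the memory limit was
          # raised to 512Mi to avoid OOM kills under the cluster default.
          resources {
            requests = {
              cpu    = "25m"
              memory = "64Mi"
            }
            limits = {
              cpu    = "500m"
              memory = "512Mi"
            }
          }

          volume_mount {
            name       = "config"
            mount_path = "/config"
          }
        }

        # Application state lives on an NFS export.
        # NOTE(review): access control for this path rests on the NFS server's export
        # rules - confirm the export is restricted to the cluster nodes.
        volume {
          name = "config"
          nfs {
            server = var.nfs_server
            path   = "/mnt/main/speedtest"
          }
        }
      }
    }
  }
}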
# In-cluster Service exposing the speedtest pods on port 80.
resource "kubernetes_service" "speedtest" {
  metadata {
    name      = "speedtest"
    namespace = kubernetes_namespace.speedtest.metadata[0].name

    # Scrape hints: metrics are requested from /prometheus on port 80.
    # NOTE(review): that is the same port as the web UI - confirm the metrics path
    # is not reachable through the public ingress if it should stay internal.
    annotations = {
      "prometheus.io/port"   = "80"
      "prometheus.io/path"   = "/prometheus"
      "prometheus.io/scrape" = "true"
    }

    labels = {
      app = "speedtest"
    }
  }

  spec {
    port {
      name        = "http"
      target_port = 80
      port        = 80
    }

    # Must match the pod template labels of the speedtest deployment.
    selector = {
      app = "speedtest"
    }
  }
}
# Public ingress for the speedtest service, built by the shared ingress_factory module.
module "ingress" {
  source = "../../modules/kubernetes/ingress_factory"

  name            = "speedtest"
  namespace       = kubernetes_namespace.speedtest.metadata[0].name
  tls_secret_name = var.tls_secret_name

  # NOTE(review): presumably places the module's authentication layer in front of
  # the app - confirm in ingress_factory what "protected" enforces before relying on it.
  protected = true
}