infrastructure/apps
1
0
Fork 0
Code Issues Pull requests10 Projects Releases Packages Wiki Activity Actions

chore: remove CPU limits

Browse source
This commit is contained in:
Peter 2025-04-10 19:58:01 +02:00
parent 12d67b2d42
commit 40565fd2d0
Signed by: prskr
GPG key ID: F56BED6903BC5E37
30 changed files with 197 additions and 224 deletions
argocd/resources
dragonfly.yml
cnpg/cluster/resources
cluster.yaml
dragonfly-operator/resources
deployment.yaml
ente/resources
cast
deployment.yaml
museum
cache.yamldeployment.yaml
photos
deployment.yaml
external-dns/resources
deployment.yaml
fider/resources
deployment.yaml
forgejo
config
values.forgejo.yamlvalues.meilisearch.yaml
resources
dragonfly.yml
garage/resources
workload.yaml
harbor/resources/dragonfly
db.yaml
hedgedoc/resources
deployment.yaml
kube-prometheus/config
values.prometheus.yaml
linkwarden/resources
deployment.yaml
meali/resources
deployment.yaml
nextcloud/config
values.keydb.yaml
nocodb/resources
deployment.yamldragonfly.yaml
plausible/resources
deployment.yaml
postgres-operator/resources/db
default-cluster.yaml
s3-csi/patches
daemonset.yaml
snips/resources
statefulset.yaml
vaultwarden/resources
deployment.yaml
vikunja/resources
api
deployment.yamldragonfly.yaml
ui
deployment.yaml
zipline/resources
deployment.yaml

1
argocd/resources/dragonfly.yml
View file

@ -16,5 +16,4 @@ spec:
cpu: 50m
memory: 50Mi
limits:
cpu: 100m
memory: 350Mi

1
cnpg/cluster/resources/cluster.yaml
View file

@ -50,7 +50,6 @@ spec:
cpu: 400m
memory: 600Mi
limits:
cpu: 1200m
memory: 900Mi
affinity:

134
dragonfly-operator/resources/deployment.yaml
View file

@ -36,75 +36,73 @@ spec:
- arm64
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- ppc64le
- s390x
- key: kubernetes.io/os
operator: In
values:
- linux
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- ppc64le
- s390x
- key: kubernetes.io/os
operator: In
values:
- linux
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=0
image: kube-rbac-proxy
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
protocol: TCP
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
command:
- /manager
image: dragonfly-operator
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=0
image: kube-rbac-proxy
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
protocol: TCP
resources:
limits:
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
command:
- /manager
image: dragonfly-operator
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
securityContext:
runAsNonRoot: true
serviceAccountName: dragonfly-operator-controller-manager
terminationGracePeriodSeconds: 10
terminationGracePeriodSeconds: 10

1
ente/resources/cast/deployment.yaml
View file

@ -31,7 +31,6 @@ spec:
cpu: "25m"
limits:
memory: "128Mi"
cpu: "50m"
ports:
- name: http
containerPort: 3000

1
ente/resources/museum/cache.yaml
View file

@ -16,5 +16,4 @@ spec:
cpu: 50m
memory: 50Mi
limits:
cpu: 100m
memory: 350Mi

1
ente/resources/museum/deployment.yaml
View file

@ -49,7 +49,6 @@ spec:
cpu: "50m"
limits:
memory: "128Mi"
cpu: "250m"
ports:
- name: api
containerPort: 8080

1
ente/resources/photos/deployment.yaml
View file

@ -31,7 +31,6 @@ spec:
cpu: "25m"
limits:
memory: "128Mi"
cpu: "50m"
ports:
- name: http
containerPort: 3000

1
external-dns/resources/deployment.yaml
View file

@ -44,5 +44,4 @@ spec:
cpu: 50m
memory: 128Mi
limits:
cpu: 100m
memory: 128Mi

19
fider/resources/deployment.yaml
View file

@ -36,7 +36,6 @@ spec:
name: fider-config
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 50m
@ -44,12 +43,12 @@ spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- fider
topologyKey: topology.kubernetes.io/zone
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- fider
topologyKey: topology.kubernetes.io/zone

1
forgejo/config/values.forgejo.yaml
View file

@ -9,7 +9,6 @@ ingress:
resources:
limits:
cpu: 500m
memory: 3Gi
requests:
cpu: 250m

1
forgejo/config/values.meilisearch.yaml
View file

@ -16,7 +16,6 @@ persistence:
resources:
limits:
cpu: 100m
memory: 768Mi
requests:
cpu: 100m

3
forgejo/resources/dragonfly.yml
View file

@ -16,5 +16,4 @@ spec:
cpu: 100m
memory: 350Mi
limits:
cpu: 100m
memory: 350Mi
memory: 350Mi

1
garage/resources/workload.yaml
View file

@ -48,7 +48,6 @@ spec:
cpu: 300m
memory: 280Mi
limits:
cpu: 750m
memory: 500Mi
securityContext:
capabilities:

1
harbor/resources/dragonfly/db.yaml
View file

@ -16,5 +16,4 @@ spec:
cpu: 100m
memory: 350Mi
limits:
cpu: 100m
memory: 350Mi

73
hedgedoc/resources/deployment.yaml
View file

@ -13,42 +13,41 @@ spec:
app.kubernetes.io/name: hedgedoc
spec:
containers:
- name: hedgedoc
image: hedgedoc
env:
- name: CMD_DB_URL
valueFrom:
secretKeyRef:
name: db-credentials-hedgedoc
key: PQ_URL
- name: NODE_EXTRA_CA_CERTS
value: /certs/ca.crt
envFrom:
- secretRef:
name: hedgedoc-config
ports:
- containerPort: 3000
protocol: TCP
name: web
volumeMounts:
- name: upload-tmp
mountPath: /tmp
- name: pg-certs
mountPath: /certs
readOnly: true
resources:
requests:
memory: "168Mi"
cpu: "50m"
limits:
memory: "256Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
- name: hedgedoc
image: hedgedoc
env:
- name: CMD_DB_URL
valueFrom:
secretKeyRef:
name: db-credentials-hedgedoc
key: PQ_URL
- name: NODE_EXTRA_CA_CERTS
value: /certs/ca.crt
envFrom:
- secretRef:
name: hedgedoc-config
ports:
- containerPort: 3000
protocol: TCP
name: web
volumeMounts:
- name: upload-tmp
mountPath: /tmp
- name: pg-certs
mountPath: /certs
readOnly: true
resources:
requests:
memory: "168Mi"
cpu: "50m"
limits:
memory: "256Mi"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
securityContext:
runAsUser: 1000
runAsGroup: 1000
@ -69,4 +68,4 @@ spec:
sizeLimit: 500Mi
- name: pg-certs
secret:
secretName: default-cluster-cluster-cert
secretName: default-cluster-cluster-cert

1
kube-prometheus/config/values.prometheus.yaml
View file

@ -24,7 +24,6 @@ prometheus:
cpu: 500m
limits:
memory: 2200Mi
cpu: 800m
storageSpec:
volumeClaimTemplate:
spec:

4
linkwarden/resources/deployment.yaml
View file

@ -61,7 +61,6 @@ spec:
cpu: "50m"
limits:
memory: "1500Mi"
cpu: "500m"
readinessProbe:
httpGet:
path: /login
@ -104,7 +103,6 @@ spec:
cpu: "50m"
limits:
memory: "1500Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -131,4 +129,4 @@ spec:
sizeLimit: 250Mi
- name: node-cache
emptyDir:
sizeLimit: 1500Mi
sizeLimit: 1500Mi

1
meali/resources/deployment.yaml
View file

@ -34,7 +34,6 @@ spec:
name: meali-config
resources:
limits:
cpu: 200m
memory: 500Mi
requests:
cpu: 150m

2
nextcloud/config/values.keydb.yaml
View file

@ -13,7 +13,6 @@ resources:
cpu: 50m
memory: 100Mi
limits:
cpu: 250m
memory: 256Mi
exporter:
@ -24,7 +23,6 @@ exporter:
cpu: 50m
memory: 50Mi
limits:
cpu: 150m
memory: 100Mi
serviceMonitor:

1
nocodb/resources/deployment.yaml
View file

@ -63,7 +63,6 @@ spec:
cpu: "50m"
limits:
memory: "256Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:

3
nocodb/resources/dragonfly.yaml
View file

@ -16,5 +16,4 @@ spec:
cpu: 100m
memory: 350Mi
limits:
cpu: 100m
memory: 350Mi
memory: 350Mi

1
plausible/resources/deployment.yaml
View file

@ -42,7 +42,6 @@ spec:
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:

37
postgres-operator/resources/db/default-cluster.yaml
View file

@ -52,25 +52,24 @@ spec:
cpu: 500m
memory: 800Mi
limits:
cpu: 500m
memory: 800Mi
dataVolumeClaimSpec:
storageClassName: hcloud-volumes
accessModes:
- "ReadWriteOnce"
- "ReadWriteOnce"
resources:
requests:
storage: 10Gi
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
postgres-operator.crunchydata.com/cluster: default-cluster
postgres-operator.crunchydata.com/instance-set: instance1
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
postgres-operator.crunchydata.com/cluster: default-cluster
postgres-operator.crunchydata.com/instance-set: instance1
backups:
pgbackrest:
@ -79,8 +78,8 @@ spec:
options:
- --type=full
configuration:
- secret:
name: pgo-s3-creds
- secret:
name: pgo-s3-creds
global:
repo1-retention-full: "14"
repo1-retention-full-type: time
@ -88,11 +87,11 @@ spec:
repo1-path: /pgbackrest/default-cluster/repo1
repo1-s3-uri-style: path
repos:
- name: repo1
schedules:
full: "0 1 * * 0"
differential: "0 1 * * 1-6"
s3:
bucket: backup
endpoint: s3.icb4dc0.de
region: hel1
- name: repo1
schedules:
full: "0 1 * * 0"
differential: "0 1 * * 1-6"
s3:
bucket: backup
endpoint: s3.icb4dc0.de
region: hel1

2
s3-csi/patches/daemonset.yaml
View file

@ -5,7 +5,6 @@
cpu: 20m
memory: 15Mi
limits:
cpu: 20m
memory: 15Mi
- op: add
path: "/spec/template/spec/containers/1/resources"
@ -14,5 +13,4 @@
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi

30
snips/resources/statefulset.yaml
View file

@ -17,7 +17,14 @@ spec:
initContainers:
- name: init-litestream
image: litestream
args: ['restore', '-replica=Garage', '-if-db-not-exists', '-if-replica-exists', '/data/snips.db']
args:
[
"restore",
"-replica=Garage",
"-if-db-not-exists",
"-if-replica-exists",
"/data/snips.db",
]
env:
- name: LITESTREAM_ACCESS_KEY_ID
valueFrom:
@ -76,7 +83,6 @@ spec:
periodSeconds: 5
resources:
limits:
cpu: 100m
memory: 200Mi
requests:
cpu: 50m
@ -95,7 +101,7 @@ spec:
readOnlyRootFilesystem: true
- name: litestream
image: litestream
args: ['replicate']
args: ["replicate"]
volumeMounts:
- name: data
mountPath: /data
@ -142,15 +148,15 @@ spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- snips
topologyKey: topology.kubernetes.io/zone
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- snips
topologyKey: topology.kubernetes.io/zone
volumes:
- name: data
emptyDir: {}

1
vaultwarden/resources/deployment.yaml
View file

@ -30,7 +30,6 @@ spec:
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 8080
volumeMounts:

3
vikunja/resources/api/deployment.yaml
View file

@ -51,7 +51,7 @@ spec:
resourceFieldRef:
resource: limits.memory
ports:
- containerPort: 3456
- containerPort: 3456
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
@ -65,7 +65,6 @@ spec:
cpu: 20m
limits:
memory: "100Mi"
cpu: "50m"
volumeMounts:
- name: vikunja-config
mountPath: /etc/vikunja

1
vikunja/resources/api/dragonfly.yaml
View file

@ -16,5 +16,4 @@ spec:
cpu: 50m
memory: 50Mi
limits:
cpu: 100m
memory: 350Mi

31
vikunja/resources/ui/deployment.yaml
View file

@ -18,22 +18,21 @@ spec:
app.kubernetes.io/part-of: vikunja
spec:
containers:
- name: vikunja-ui
image: vikunja-ui
env:
- name: VIKUNJA_API_URL
value: https://todo.icb4dc0.de/api/v1
- name: VIKUNJA_HTTP_PORT
value: "8080"
resources:
requests:
memory: 15Mi
cpu: 10m
limits:
memory: "50Mi"
cpu: "50m"
ports:
- containerPort: 8080
- name: vikunja-ui
image: vikunja-ui
env:
- name: VIKUNJA_API_URL
value: https://todo.icb4dc0.de/api/v1
- name: VIKUNJA_HTTP_PORT
value: "8080"
resources:
requests:
memory: 15Mi
cpu: 10m
limits:
memory: "50Mi"
ports:
- containerPort: 8080
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:

63
zipline/resources/deployment.yaml
View file

@ -14,37 +14,36 @@ spec:
app.kubernetes.io/name: zipline
spec:
containers:
- name: zipline
image: zipline
env:
- name: CORE_DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials-zipline
key: PQ_URL
envFrom:
- secretRef:
name: zipline-config
ports:
- containerPort: 3000
protocol: TCP
name: web
volumeMounts:
- mountPath: /tmp
name: temp
resources:
requests:
memory: "256Mi"
cpu: "50m"
limits:
memory: "512Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
- name: zipline
image: zipline
env:
- name: CORE_DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials-zipline
key: PQ_URL
envFrom:
- secretRef:
name: zipline-config
ports:
- containerPort: 3000
protocol: TCP
name: web
volumeMounts:
- mountPath: /tmp
name: temp
resources:
requests:
memory: "256Mi"
cpu: "50m"
limits:
memory: "512Mi"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
@ -62,4 +61,4 @@ spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
runAsNonRoot: true