chore: remove CPU limits

This commit is contained in:
Peter 2025-04-10 19:58:01 +02:00
parent 12d67b2d42
commit 40565fd2d0
Signed by: prskr
GPG key ID: F56BED6903BC5E37
30 changed files with 197 additions and 224 deletions
argocd/resources
cnpg/cluster/resources
dragonfly-operator/resources
ente/resources
external-dns/resources
fider/resources
forgejo
garage/resources
harbor/resources/dragonfly
hedgedoc/resources
kube-prometheus/config
linkwarden/resources
meali/resources
nextcloud/config
nocodb/resources
plausible/resources
postgres-operator/resources/db
s3-csi/patches
snips/resources
vaultwarden/resources
vikunja/resources
zipline/resources

View file

@ -16,5 +16,4 @@ spec:
cpu: 50m cpu: 50m
memory: 50Mi memory: 50Mi
limits: limits:
cpu: 100m
memory: 350Mi memory: 350Mi

View file

@ -50,7 +50,6 @@ spec:
cpu: 400m cpu: 400m
memory: 600Mi memory: 600Mi
limits: limits:
cpu: 1200m
memory: 900Mi memory: 900Mi
affinity: affinity:

View file

@ -36,75 +36,73 @@ spec:
- arm64 - arm64
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: kubernetes.io/arch - key: kubernetes.io/arch
operator: In operator: In
values: values:
- amd64 - amd64
- arm64 - arm64
- ppc64le - ppc64le
- s390x - s390x
- key: kubernetes.io/os - key: kubernetes.io/os
operator: In operator: In
values: values:
- linux - linux
containers: containers:
- args: - args:
- --secure-listen-address=0.0.0.0:8443 - --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/ - --upstream=http://127.0.0.1:8080/
- --logtostderr=true - --logtostderr=true
- --v=0 - --v=0
image: kube-rbac-proxy image: kube-rbac-proxy
name: kube-rbac-proxy name: kube-rbac-proxy
ports: ports:
- containerPort: 8443 - containerPort: 8443
name: https name: https
protocol: TCP protocol: TCP
resources: resources:
limits: limits:
cpu: 500m memory: 128Mi
memory: 128Mi requests:
requests: cpu: 5m
cpu: 5m memory: 64Mi
memory: 64Mi securityContext:
securityContext: allowPrivilegeEscalation: false
allowPrivilegeEscalation: false capabilities:
capabilities: drop:
drop: - ALL
- ALL - args:
- args: - --health-probe-bind-address=:8081
- --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080
- --metrics-bind-address=127.0.0.1:8080 - --leader-elect
- --leader-elect command:
command: - /manager
- /manager image: dragonfly-operator
image: dragonfly-operator livenessProbe:
livenessProbe: httpGet:
httpGet: path: /healthz
path: /healthz port: 8081
port: 8081 initialDelaySeconds: 15
initialDelaySeconds: 15 periodSeconds: 20
periodSeconds: 20 name: manager
name: manager readinessProbe:
readinessProbe: httpGet:
httpGet: path: /readyz
path: /readyz port: 8081
port: 8081 initialDelaySeconds: 5
initialDelaySeconds: 5 periodSeconds: 10
periodSeconds: 10 resources:
resources: limits:
limits: memory: 128Mi
cpu: 500m requests:
memory: 128Mi cpu: 10m
requests: memory: 64Mi
cpu: 10m securityContext:
memory: 64Mi allowPrivilegeEscalation: false
securityContext: capabilities:
allowPrivilegeEscalation: false drop:
capabilities: - ALL
drop:
- ALL
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
serviceAccountName: dragonfly-operator-controller-manager serviceAccountName: dragonfly-operator-controller-manager
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10

View file

@ -31,7 +31,6 @@ spec:
cpu: "25m" cpu: "25m"
limits: limits:
memory: "128Mi" memory: "128Mi"
cpu: "50m"
ports: ports:
- name: http - name: http
containerPort: 3000 containerPort: 3000

View file

@ -16,5 +16,4 @@ spec:
cpu: 50m cpu: 50m
memory: 50Mi memory: 50Mi
limits: limits:
cpu: 100m
memory: 350Mi memory: 350Mi

View file

@ -49,7 +49,6 @@ spec:
cpu: "50m" cpu: "50m"
limits: limits:
memory: "128Mi" memory: "128Mi"
cpu: "250m"
ports: ports:
- name: api - name: api
containerPort: 8080 containerPort: 8080

View file

@ -31,7 +31,6 @@ spec:
cpu: "25m" cpu: "25m"
limits: limits:
memory: "128Mi" memory: "128Mi"
cpu: "50m"
ports: ports:
- name: http - name: http
containerPort: 3000 containerPort: 3000

View file

@ -44,5 +44,4 @@ spec:
cpu: 50m cpu: 50m
memory: 128Mi memory: 128Mi
limits: limits:
cpu: 100m
memory: 128Mi memory: 128Mi

View file

@ -36,7 +36,6 @@ spec:
name: fider-config name: fider-config
resources: resources:
limits: limits:
cpu: 200m
memory: 200Mi memory: 200Mi
requests: requests:
cpu: 50m cpu: 50m
@ -44,12 +43,12 @@ spec:
affinity: affinity:
podAntiAffinity: podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100 - weight: 100
podAffinityTerm: podAffinityTerm:
labelSelector: labelSelector:
matchExpressions: matchExpressions:
- key: app.kubernetes.io/name - key: app.kubernetes.io/name
operator: In operator: In
values: values:
- fider - fider
topologyKey: topology.kubernetes.io/zone topologyKey: topology.kubernetes.io/zone

View file

@ -9,7 +9,6 @@ ingress:
resources: resources:
limits: limits:
cpu: 500m
memory: 3Gi memory: 3Gi
requests: requests:
cpu: 250m cpu: 250m

View file

@ -16,7 +16,6 @@ persistence:
resources: resources:
limits: limits:
cpu: 100m
memory: 768Mi memory: 768Mi
requests: requests:
cpu: 100m cpu: 100m

View file

@ -16,5 +16,4 @@ spec:
cpu: 100m cpu: 100m
memory: 350Mi memory: 350Mi
limits: limits:
cpu: 100m memory: 350Mi
memory: 350Mi

View file

@ -48,7 +48,6 @@ spec:
cpu: 300m cpu: 300m
memory: 280Mi memory: 280Mi
limits: limits:
cpu: 750m
memory: 500Mi memory: 500Mi
securityContext: securityContext:
capabilities: capabilities:

View file

@ -16,5 +16,4 @@ spec:
cpu: 100m cpu: 100m
memory: 350Mi memory: 350Mi
limits: limits:
cpu: 100m
memory: 350Mi memory: 350Mi

View file

@ -13,42 +13,41 @@ spec:
app.kubernetes.io/name: hedgedoc app.kubernetes.io/name: hedgedoc
spec: spec:
containers: containers:
- name: hedgedoc - name: hedgedoc
image: hedgedoc image: hedgedoc
env: env:
- name: CMD_DB_URL - name: CMD_DB_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: db-credentials-hedgedoc name: db-credentials-hedgedoc
key: PQ_URL key: PQ_URL
- name: NODE_EXTRA_CA_CERTS - name: NODE_EXTRA_CA_CERTS
value: /certs/ca.crt value: /certs/ca.crt
envFrom: envFrom:
- secretRef: - secretRef:
name: hedgedoc-config name: hedgedoc-config
ports: ports:
- containerPort: 3000 - containerPort: 3000
protocol: TCP protocol: TCP
name: web name: web
volumeMounts: volumeMounts:
- name: upload-tmp - name: upload-tmp
mountPath: /tmp mountPath: /tmp
- name: pg-certs - name: pg-certs
mountPath: /certs mountPath: /certs
readOnly: true readOnly: true
resources: resources:
requests: requests:
memory: "168Mi" memory: "168Mi"
cpu: "50m" cpu: "50m"
limits: limits:
memory: "256Mi" memory: "256Mi"
cpu: "500m" securityContext:
securityContext: allowPrivilegeEscalation: false
allowPrivilegeEscalation: false capabilities:
capabilities: drop:
drop: - ALL
- ALL readOnlyRootFilesystem: true
readOnlyRootFilesystem: true
securityContext: securityContext:
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
@ -69,4 +68,4 @@ spec:
sizeLimit: 500Mi sizeLimit: 500Mi
- name: pg-certs - name: pg-certs
secret: secret:
secretName: default-cluster-cluster-cert secretName: default-cluster-cluster-cert

View file

@ -24,7 +24,6 @@ prometheus:
cpu: 500m cpu: 500m
limits: limits:
memory: 2200Mi memory: 2200Mi
cpu: 800m
storageSpec: storageSpec:
volumeClaimTemplate: volumeClaimTemplate:
spec: spec:

View file

@ -61,7 +61,6 @@ spec:
cpu: "50m" cpu: "50m"
limits: limits:
memory: "1500Mi" memory: "1500Mi"
cpu: "500m"
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /login path: /login
@ -104,7 +103,6 @@ spec:
cpu: "50m" cpu: "50m"
limits: limits:
memory: "1500Mi" memory: "1500Mi"
cpu: "500m"
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@ -131,4 +129,4 @@ spec:
sizeLimit: 250Mi sizeLimit: 250Mi
- name: node-cache - name: node-cache
emptyDir: emptyDir:
sizeLimit: 1500Mi sizeLimit: 1500Mi

View file

@ -34,7 +34,6 @@ spec:
name: meali-config name: meali-config
resources: resources:
limits: limits:
cpu: 200m
memory: 500Mi memory: 500Mi
requests: requests:
cpu: 150m cpu: 150m

View file

@ -13,7 +13,6 @@ resources:
cpu: 50m cpu: 50m
memory: 100Mi memory: 100Mi
limits: limits:
cpu: 250m
memory: 256Mi memory: 256Mi
exporter: exporter:
@ -24,7 +23,6 @@ exporter:
cpu: 50m cpu: 50m
memory: 50Mi memory: 50Mi
limits: limits:
cpu: 150m
memory: 100Mi memory: 100Mi
serviceMonitor: serviceMonitor:

View file

@ -63,7 +63,6 @@ spec:
cpu: "50m" cpu: "50m"
limits: limits:
memory: "256Mi" memory: "256Mi"
cpu: "500m"
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:

View file

@ -16,5 +16,4 @@ spec:
cpu: 100m cpu: 100m
memory: 350Mi memory: 350Mi
limits: limits:
cpu: 100m memory: 350Mi
memory: 350Mi

View file

@ -42,7 +42,6 @@ spec:
cpu: "250m" cpu: "250m"
limits: limits:
memory: "512Mi" memory: "512Mi"
cpu: "500m"
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:

View file

@ -52,25 +52,24 @@ spec:
cpu: 500m cpu: 500m
memory: 800Mi memory: 800Mi
limits: limits:
cpu: 500m
memory: 800Mi memory: 800Mi
dataVolumeClaimSpec: dataVolumeClaimSpec:
storageClassName: hcloud-volumes storageClassName: hcloud-volumes
accessModes: accessModes:
- "ReadWriteOnce" - "ReadWriteOnce"
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi
affinity: affinity:
podAntiAffinity: podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1 - weight: 1
podAffinityTerm: podAffinityTerm:
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname
labelSelector: labelSelector:
matchLabels: matchLabels:
postgres-operator.crunchydata.com/cluster: default-cluster postgres-operator.crunchydata.com/cluster: default-cluster
postgres-operator.crunchydata.com/instance-set: instance1 postgres-operator.crunchydata.com/instance-set: instance1
backups: backups:
pgbackrest: pgbackrest:
@ -79,8 +78,8 @@ spec:
options: options:
- --type=full - --type=full
configuration: configuration:
- secret: - secret:
name: pgo-s3-creds name: pgo-s3-creds
global: global:
repo1-retention-full: "14" repo1-retention-full: "14"
repo1-retention-full-type: time repo1-retention-full-type: time
@ -88,11 +87,11 @@ spec:
repo1-path: /pgbackrest/default-cluster/repo1 repo1-path: /pgbackrest/default-cluster/repo1
repo1-s3-uri-style: path repo1-s3-uri-style: path
repos: repos:
- name: repo1 - name: repo1
schedules: schedules:
full: "0 1 * * 0" full: "0 1 * * 0"
differential: "0 1 * * 1-6" differential: "0 1 * * 1-6"
s3: s3:
bucket: backup bucket: backup
endpoint: s3.icb4dc0.de endpoint: s3.icb4dc0.de
region: hel1 region: hel1

View file

@ -5,7 +5,6 @@
cpu: 20m cpu: 20m
memory: 15Mi memory: 15Mi
limits: limits:
cpu: 20m
memory: 15Mi memory: 15Mi
- op: add - op: add
path: "/spec/template/spec/containers/1/resources" path: "/spec/template/spec/containers/1/resources"
@ -14,5 +13,4 @@
cpu: 100m cpu: 100m
memory: 100Mi memory: 100Mi
limits: limits:
cpu: 100m
memory: 100Mi memory: 100Mi

View file

@ -17,7 +17,14 @@ spec:
initContainers: initContainers:
- name: init-litestream - name: init-litestream
image: litestream image: litestream
args: ['restore', '-replica=Garage', '-if-db-not-exists', '-if-replica-exists', '/data/snips.db'] args:
[
"restore",
"-replica=Garage",
"-if-db-not-exists",
"-if-replica-exists",
"/data/snips.db",
]
env: env:
- name: LITESTREAM_ACCESS_KEY_ID - name: LITESTREAM_ACCESS_KEY_ID
valueFrom: valueFrom:
@ -76,7 +83,6 @@ spec:
periodSeconds: 5 periodSeconds: 5
resources: resources:
limits: limits:
cpu: 100m
memory: 200Mi memory: 200Mi
requests: requests:
cpu: 50m cpu: 50m
@ -95,7 +101,7 @@ spec:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
- name: litestream - name: litestream
image: litestream image: litestream
args: ['replicate'] args: ["replicate"]
volumeMounts: volumeMounts:
- name: data - name: data
mountPath: /data mountPath: /data
@ -142,15 +148,15 @@ spec:
affinity: affinity:
podAntiAffinity: podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100 - weight: 100
podAffinityTerm: podAffinityTerm:
labelSelector: labelSelector:
matchExpressions: matchExpressions:
- key: app.kubernetes.io/name - key: app.kubernetes.io/name
operator: In operator: In
values: values:
- snips - snips
topologyKey: topology.kubernetes.io/zone topologyKey: topology.kubernetes.io/zone
volumes: volumes:
- name: data - name: data
emptyDir: {} emptyDir: {}

View file

@ -30,7 +30,6 @@ spec:
resources: resources:
limits: limits:
memory: "128Mi" memory: "128Mi"
cpu: "500m"
ports: ports:
- containerPort: 8080 - containerPort: 8080
volumeMounts: volumeMounts:

View file

@ -51,7 +51,7 @@ spec:
resourceFieldRef: resourceFieldRef:
resource: limits.memory resource: limits.memory
ports: ports:
- containerPort: 3456 - containerPort: 3456
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
@ -65,7 +65,6 @@ spec:
cpu: 20m cpu: 20m
limits: limits:
memory: "100Mi" memory: "100Mi"
cpu: "50m"
volumeMounts: volumeMounts:
- name: vikunja-config - name: vikunja-config
mountPath: /etc/vikunja mountPath: /etc/vikunja

View file

@ -16,5 +16,4 @@ spec:
cpu: 50m cpu: 50m
memory: 50Mi memory: 50Mi
limits: limits:
cpu: 100m
memory: 350Mi memory: 350Mi

View file

@ -18,22 +18,21 @@ spec:
app.kubernetes.io/part-of: vikunja app.kubernetes.io/part-of: vikunja
spec: spec:
containers: containers:
- name: vikunja-ui - name: vikunja-ui
image: vikunja-ui image: vikunja-ui
env: env:
- name: VIKUNJA_API_URL - name: VIKUNJA_API_URL
value: https://todo.icb4dc0.de/api/v1 value: https://todo.icb4dc0.de/api/v1
- name: VIKUNJA_HTTP_PORT - name: VIKUNJA_HTTP_PORT
value: "8080" value: "8080"
resources: resources:
requests: requests:
memory: 15Mi memory: 15Mi
cpu: 10m cpu: 10m
limits: limits:
memory: "50Mi" memory: "50Mi"
cpu: "50m" ports:
ports: - containerPort: 8080
- containerPort: 8080
affinity: affinity:
nodeAffinity: nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:

View file

@ -14,37 +14,36 @@ spec:
app.kubernetes.io/name: zipline app.kubernetes.io/name: zipline
spec: spec:
containers: containers:
- name: zipline - name: zipline
image: zipline image: zipline
env: env:
- name: CORE_DATABASE_URL - name: CORE_DATABASE_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: db-credentials-zipline name: db-credentials-zipline
key: PQ_URL key: PQ_URL
envFrom: envFrom:
- secretRef: - secretRef:
name: zipline-config name: zipline-config
ports: ports:
- containerPort: 3000 - containerPort: 3000
protocol: TCP protocol: TCP
name: web name: web
volumeMounts: volumeMounts:
- mountPath: /tmp - mountPath: /tmp
name: temp name: temp
resources: resources:
requests: requests:
memory: "256Mi" memory: "256Mi"
cpu: "50m" cpu: "50m"
limits: limits:
memory: "512Mi" memory: "512Mi"
cpu: "500m" securityContext:
securityContext: allowPrivilegeEscalation: false
allowPrivilegeEscalation: false capabilities:
capabilities: drop:
drop: - ALL
- ALL readOnlyRootFilesystem: true
readOnlyRootFilesystem: true
affinity: affinity:
nodeAffinity: nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:
@ -62,4 +61,4 @@ spec:
securityContext: securityContext:
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
runAsNonRoot: true runAsNonRoot: true