From 92bb894ef6b62a658123c36878acd612d3e98428 Mon Sep 17 00:00:00 2001 From: Steffen Illium Date: Tue, 14 May 2024 20:47:55 +0200 Subject: [PATCH] ressources --- apps/adguard/base/adguard-deployment.yaml | 2 +- apps/dashy/base/deployment.yaml | 5 ++++- apps/emby/base/deployment.yaml | 2 ++ apps/gitea/base/deployment.yaml | 5 ++++- apps/immich/deployment/database.yaml | 5 ++++- apps/immich/deployment/redis.yaml | 5 ++++- apps/immich/deployment/server.yaml | 10 +++++++-- .../base/kube-dashboard-rolebinding.yaml | 12 ----------- .../base/kube-dashboard-serviceaccount.yaml | 5 ----- .../base/kube-dashboard-ui-ingress.yaml | 14 ------------- .../base/kube-dashboard-user-secret.yaml | 11 ---------- apps/kube-dashboard/kustomization.yaml | 18 ---------------- .../patches/dashboard-insecure-access.yaml | 21 ------------------- .../patches/dashboard-insecure-service.yaml | 17 --------------- apps/nextcloud/base/deployment.yaml | 12 ++++++----- apps/paperless/base/deployment.yaml | 9 +++++--- apps/sftpgo/base/deployment.yaml | 5 ++++- apps/vaultwarden/base/deployment.yaml | 5 ++++- 18 files changed, 48 insertions(+), 115 deletions(-) delete mode 100644 apps/kube-dashboard/base/kube-dashboard-rolebinding.yaml delete mode 100644 apps/kube-dashboard/base/kube-dashboard-serviceaccount.yaml delete mode 100644 apps/kube-dashboard/base/kube-dashboard-ui-ingress.yaml delete mode 100644 apps/kube-dashboard/base/kube-dashboard-user-secret.yaml delete mode 100644 apps/kube-dashboard/kustomization.yaml delete mode 100644 apps/kube-dashboard/patches/dashboard-insecure-access.yaml delete mode 100644 apps/kube-dashboard/patches/dashboard-insecure-service.yaml diff --git a/apps/adguard/base/adguard-deployment.yaml b/apps/adguard/base/adguard-deployment.yaml index 00da7f8..48d630c 100644 --- a/apps/adguard/base/adguard-deployment.yaml +++ b/apps/adguard/base/adguard-deployment.yaml @@ -38,7 +38,7 @@ spec: mountPath: /opt/adguardhome/conf resources: limits: - cpu: "0.5" + cpu: "0.1" memory: "512Mi" volumes: - name: adguard-pvc diff --git a/apps/dashy/base/deployment.yaml b/apps/dashy/base/deployment.yaml index bd7a95f..36e2023 100644 --- a/apps/dashy/base/deployment.yaml +++ b/apps/dashy/base/deployment.yaml @@ -34,7 +34,10 @@ spec: - name: http containerPort: 8080 protocol: TCP - resources: {} + resources: + limits: + cpu: "0.1" + memory: "500M" volumeMounts: - name: config mountPath: /app/user-data diff --git a/apps/emby/base/deployment.yaml b/apps/emby/base/deployment.yaml index 192de3d..75e732a 100644 --- a/apps/emby/base/deployment.yaml +++ b/apps/emby/base/deployment.yaml @@ -48,6 +48,8 @@ spec: resources: limits: gpu.intel.com/i915: 1 # requesting 1 GPU + cpu: "0.3" + memory: "2G" livenessProbe: httpGet: path: /web/index.html diff --git a/apps/gitea/base/deployment.yaml b/apps/gitea/base/deployment.yaml index 41b8843..815fefe 100644 --- a/apps/gitea/base/deployment.yaml +++ b/apps/gitea/base/deployment.yaml @@ -26,7 +26,10 @@ spec: - name: ssh containerPort: 22 protocol: TCP - resources: {} + resources: + limits: + cpu: "0.1" + memory: "1G" volumeMounts: - mountPath: /data name: gitea diff --git a/apps/immich/deployment/database.yaml b/apps/immich/deployment/database.yaml index a8ad291..d9d1d64 100644 --- a/apps/immich/deployment/database.yaml +++ b/apps/immich/deployment/database.yaml @@ -22,7 +22,10 @@ spec: envFrom: - secretRef: name: immich-secret - resources: {} + resources: + limits: + cpu: "0.2" + memory: "1G" volumeMounts: - mountPath: /var/lib/postgresql/data name: pgdata diff --git a/apps/immich/deployment/redis.yaml b/apps/immich/deployment/redis.yaml index 3d2649e..3ad65ad 100644 --- a/apps/immich/deployment/redis.yaml +++ b/apps/immich/deployment/redis.yaml @@ -18,7 +18,10 @@ spec: containers: - image: registry.hub.docker.com/library/redis:6.2-alpine@sha256:84882e87b54734154586e5f8abd4dce69fe7311315e2fc6d67c29614c8de2672 name: immich-redis - resources: {} + resources: + limits: + cpu: "0.1" + memory: "250G" ports: - name: http containerPort: 6379 diff --git a/apps/immich/deployment/server.yaml b/apps/immich/deployment/server.yaml index ba26476..b620f60 100644 --- a/apps/immich/deployment/server.yaml +++ b/apps/immich/deployment/server.yaml @@ -30,7 +30,10 @@ spec: containerPort: 3002 hostPort: 3002 protocol: TCP - resources: {} + resources: + limits: + cpu: "0.5" + memory: "2G" volumeMounts: - mountPath: /usr/src/app/upload name: photos @@ -50,7 +53,10 @@ spec: containerPort: 3001 hostPort: 3001 protocol: TCP - resources: {} + resources: + limits: + cpu: "0.5" + memory: "2G" volumeMounts: - mountPath: /usr/src/app/upload name: photos diff --git a/apps/kube-dashboard/base/kube-dashboard-rolebinding.yaml b/apps/kube-dashboard/base/kube-dashboard-rolebinding.yaml deleted file mode 100644 index aa324fa..0000000 --- a/apps/kube-dashboard/base/kube-dashboard-rolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: dashboard-user -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: dashboard-user - namespace: kubernetes-dashboard \ No newline at end of file diff --git a/apps/kube-dashboard/base/kube-dashboard-serviceaccount.yaml b/apps/kube-dashboard/base/kube-dashboard-serviceaccount.yaml deleted file mode 100644 index 5f4adda..0000000 --- a/apps/kube-dashboard/base/kube-dashboard-serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dashboard-user - namespace: kubernetes-dashboard \ No newline at end of file diff --git a/apps/kube-dashboard/base/kube-dashboard-ui-ingress.yaml b/apps/kube-dashboard/base/kube-dashboard-ui-ingress.yaml deleted file mode 100644 index 5e2f69f..0000000 --- a/apps/kube-dashboard/base/kube-dashboard-ui-ingress.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: kubernetes-dashboard -spec: - entryPoints: - - web-local - - websecure-local - routes: - - match: Host(`kubernetes-dashboard.steffenillium.de`) - kind: Rule - services: - - name: kubernetes-dashboard - port: 80 diff --git a/apps/kube-dashboard/base/kube-dashboard-user-secret.yaml b/apps/kube-dashboard/base/kube-dashboard-user-secret.yaml deleted file mode 100644 index 546a142..0000000 --- a/apps/kube-dashboard/base/kube-dashboard-user-secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# Create long-live bearer token -# retrieve with: `kubectl get secret dashboard-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d` - -apiVersion: v1 -kind: Secret -metadata: - name: dashboard-user - namespace: kubernetes-dashboard - annotations: - kubernetes.io/service-account.name: "dashboard-user" -type: kubernetes.io/service-account-token \ No newline at end of file diff --git a/apps/kube-dashboard/kustomization.yaml b/apps/kube-dashboard/kustomization.yaml deleted file mode 100644 index 162fd56..0000000 --- a/apps/kube-dashboard/kustomization.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -namespace: kubernetes-dashboard - -resources: -- base/kube-dashboard-ui-ingress.yaml -- base/kube-dashboard-user-secret.yaml -- base/kube-dashboard-rolebinding.yaml -- base/kube-dashboard-serviceaccount.yaml -- https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml - -patches: -- path: patches/dashboard-insecure-access.yaml -- path: patches/dashboard-insecure-service.yaml - -components: - - ../../components/local-region-selector.yaml \ No newline at end of file diff --git a/apps/kube-dashboard/patches/dashboard-insecure-access.yaml b/apps/kube-dashboard/patches/dashboard-insecure-access.yaml deleted file mode 100644 index 1d4a389..0000000 --- a/apps/kube-dashboard/patches/dashboard-insecure-access.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kubernetes-dashboard - namespace: kubernetes-dashboard -spec: - selector: - matchLabels: - k8s-app: kubernetes-dashboard - template: - metadata: - labels: - k8s-app: kubernetes-dashboard - spec: - containers: - - name: kubernetes-dashboard - args: - # - '--auto-generate-certificates' - - '--namespace=kubernetes-dashboard' - - "--enable-insecure-login=true" - - "--insecure-bind-address=0.0.0.0" \ No newline at end of file diff --git a/apps/kube-dashboard/patches/dashboard-insecure-service.yaml b/apps/kube-dashboard/patches/dashboard-insecure-service.yaml deleted file mode 100644 index e574433..0000000 --- a/apps/kube-dashboard/patches/dashboard-insecure-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -spec: - ports: - - port: 443 - name: websecure - targetPort: 8443 - - port: 80 - name: web - targetPort: 9090 - selector: - k8s-app: kubernetes-dashboard \ No newline at end of file diff --git a/apps/nextcloud/base/deployment.yaml b/apps/nextcloud/base/deployment.yaml index b9eba81..173fdbd 100644 --- a/apps/nextcloud/base/deployment.yaml +++ b/apps/nextcloud/base/deployment.yaml @@ -53,8 +53,8 @@ spec: key: MYSQL_PASSWORD resources: limits: - cpu: "0.2" - memory: "2Gi" + cpu: "0.3" + memory: "1G ports: - name: mariadb containerPort: 3306 @@ -68,7 +68,7 @@ spec: resources: limits: cpu: "0.1" - memory: "2Gi" + memory: "250M" ports: - name: redis containerPort: 6379 @@ -97,12 +97,14 @@ spec: - name: nextcloud containerPort: 80 protocol: TCP - resources: {} + resources: + limits: + cpu: "0.5" + memory: "2G" volumeMounts: - mountPath: /var/www/html name: nextcloud-pvc subPath: 99f37b73-8f14-44b2-9211-af5de21de749/html - - mountPath: /var/www/html/data name: nextcloud-data restartPolicy: Always diff --git a/apps/paperless/base/deployment.yaml b/apps/paperless/base/deployment.yaml index 3510c62..73d1295 100644 --- a/apps/paperless/base/deployment.yaml +++ b/apps/paperless/base/deployment.yaml @@ -22,7 +22,7 @@ spec: resources: limits: cpu: "0.2" - memory: "1Gi" + memory: "1G" volumeMounts: - mountPath: /var/lib/postgresql/data name: paperless-pvc @@ -49,7 +49,10 @@ spec: - name: http containerPort: 8000 protocol: TCP - resources: {} + resources: + limits: + cpu: "0.2" + memory: "2G" volumeMounts: - mountPath: /usr/src/paperless/data name: paperless-pvc @@ -101,7 +104,7 @@ spec: resources: limits: cpu: "0.1" - memory: "1Gi" + memory: "250M" restartPolicy: Always volumes: - name: paperless-pvc diff --git a/apps/sftpgo/base/deployment.yaml b/apps/sftpgo/base/deployment.yaml index 2558087..7b7a530 100644 --- a/apps/sftpgo/base/deployment.yaml +++ b/apps/sftpgo/base/deployment.yaml @@ -50,7 +50,10 @@ spec: # httpGet: # path: /healthz # port: telemetry - resources: {} + resources: + limits: + cpu: "0.1" + memory: "400M" securityContext: {} volumeMounts: - mountPath: /etc/sftpgo diff --git a/apps/vaultwarden/base/deployment.yaml b/apps/vaultwarden/base/deployment.yaml index 1575464..4a0c9a6 100644 --- a/apps/vaultwarden/base/deployment.yaml +++ b/apps/vaultwarden/base/deployment.yaml @@ -81,7 +81,10 @@ spec: ports: - containerPort: 80 protocol: TCP - resources: {} + resources: + limits: + cpu: "0.3" + memory: "1G" volumeMounts: - mountPath: /data name: vaultwarden-pvc