marktvogt.de/web/deploy/helm/values.yaml
vikingowl f9b77f362f chore(helm): right-size resource requests/limits per cluster telemetry
Drop requests to match observed peak usage and widen CPU limits for
burst headroom (Burstable QoS). Backend, web, Postgres, and Dragonfly
all had requests == limits pinned at defaults well above measured
7-day peaks.

- backend: req 100m/128Mi -> 50m/64Mi, lim 100m/128Mi -> 200m/128Mi
- web:     req 100m/128Mi -> 50m/96Mi, lim 100m/128Mi -> 200m/128Mi
- postgres (CNPG): req 50m/256Mi -> 15m/128Mi, lim 200m/512Mi -> 100m/256Mi
- dragonfly: req 100m/128Mi -> 100m/72Mi, lim 100m/128Mi -> 150m/128Mi

RAM limits unchanged where reasonable to preserve OOM protection;
Dragonfly CPU request kept at 100m (peak 74m) but limit raised to
avoid throttling under brief bursts.
2026-04-18 04:36:12 +02:00

71 lines
1.3 KiB
YAML

image:
  repository: registry.itsh.dev/vikingowl/marktvogt.de/web
  tag: "latest"
  pullPolicy: IfNotPresent
imagePullSecrets:
  - name: itsh-registry
nameOverride: ""
fullnameOverride: ""
replicaCount: 1
service:
  port: 80
  targetPort: 3000
httpRoute:
  enabled: true
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hostname: marktvogt.de
  gatewayName: default
  gatewayNamespace: nginx-gateway
  sectionName: https-marktvogt-de
resources:
  requests:
    cpu: 50m
    memory: 96Mi
  limits:
    cpu: 200m
    memory: 128Mi
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 3
  targetCPUUtilizationPercentage: 80
pdb:
  enabled: false
  minAvailable: 1
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 65534
  fsGroup: 65534
  seccompProfile:
    type: RuntimeDefault
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL
config:
  # Required by adapter-node — must match the public-facing origin exactly
  ORIGIN: "https://marktvogt.de"
  NODE_ENV: production
  PORT: "3000"
  HOST: "0.0.0.0"
  # Cloudflare Turnstile — read at runtime via $env/dynamic/public
  PUBLIC_TURNSTILE_SITE_KEY: "0x4AAAAAACjLCV-78Ql1oTPz"
nodeSelector: {}
tolerations: []
affinity: {}