HGKeeper

imfreedom/k8s-cluster

Lower the resources for trac

14 months ago, Gary Kramlich

5e0f351f8ee3

Lower the resources for trac

We haven't had any stability issues with trac since we redirected the issues,
so we're going to lower the resources to reflect that and hopefully bring them
down a bit more over time.

# yamllint disable

# The most recent CRDs and RBAC configurations can be found at

# https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions

---

apiVersion: traefik.containo.us/v1alpha1

kind: TLSOption

metadata:

name: default

spec:

minVersion: VersionTLS12

maxVersion: VersionTLS13

cipherSuites:

- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

sniStrict: true

---

apiVersion: policy/v1

kind: PodDisruptionBudget

metadata:

name: traefik

spec:

minAvailable: 1

selector:

matchLabels:

app: traefik

role: controller

---

apiVersion: apps/v1

kind: Deployment

metadata:

name: traefik

labels:

app: traefik

role: controller

spec:

replicas: 4

revisionHistoryLimit: 0

selector:

matchLabels:

app: traefik

role: controller

template:

metadata:

labels:

app: traefik

role: controller

prometheus: cluster-wide

spec:

affinity:

podAntiAffinity:

preferredDuringSchedulingIgnoredDuringExecution:

- podAffinityTerm:

labelSelector:

matchExpressions:

- key: app

operator: In

values:

- traefik

- key: role

operator: In

values:

- controller

topologyKey: failure-domain.beta.kubernetes.io/region

weight: 100

serviceAccountName: traefik-ingress-controller

containers:

- name: traefik-ingress-controller

image: docker.io/traefik:v2.9.6

args:

- "--global.checknewversion=false"

- "--global.sendanonymoususage=false"

- "--api.dashboard=true"

- "--api.insecure=true"

- "--ping=true"

- "--providers.kubernetescrd=true"

- "--providers.kubernetesingress=true"

- "--metrics.prometheus=true"

- "--log.level=error"

- "--entryPoints.traefik.address=:9000"

- "--entryPoints.https.address=:8443"

- "--entryPoints.http.address=:8080"

- "--entryPoints.keep-ssh.address=:22222"

- "--entryPoints.xmpp-c2s.address=:5222"

- "--entryPoints.xmpp-s2s.address=:5269"

readinessProbe:

httpGet:

path: /ping

port: 9000

failureThreshold: 1

initialDelaySeconds: 10

periodSeconds: 10

successThreshold: 1

timeoutSeconds: 2

livenessProbe:

httpGet:

path: /ping

port: 9000

failureThreshold: 3

initialDelaySeconds: 10

periodSeconds: 10

successThreshold: 1

timeoutSeconds: 2

ports:

- name: traefik

containerPort: 9000

- name: keep-ssh

containerPort: 22222

- name: http

containerPort: 8080

- name: https

containerPort: 8443

- name: xmpp-c2s

containerPort: 5222

- name: xmpp-s2s

containerPort: 5269

resources:

limits:

cpu: 300m

memory: 150Mi

requests:

cpu: 100m

memory: 50Mi

---

apiVersion: v1

kind: Service

metadata:

name: ingress

labels:

app: ingress

role: controller

spec:

selector:

app: traefik

role: controller

type: LoadBalancer

externalTrafficPolicy: Cluster

ports:

- name: http

port: 80

targetPort: http

- name: https

port: 443

targetPort: https

- name: hgkeeper

port: 22

targetPort: keep-ssh

- name: xmpp-c2s

port: 5222

targetPort: xmpp-c2s

- name: xmpp-s2s

port: 5269

targetPort: xmpp-s2s

---

apiVersion: v1

kind: Service

metadata:

name: traefik-dashboard

labels:

app: ingress

role: dashboard

spec:

selector:

app: traefik

role: controller

ports:

- port: 9000

name: traefik

protocol: TCP

---