From 43f427e06a83aea8979e1b54f7ea7f2d24ab28cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= Date: Fri, 22 Nov 2024 07:50:55 +0100 Subject: [PATCH] fix(helmfile): Streamline `requests.cpu` in `resources.yaml` --- .../self-signed-certificates.md | 2 +- docs/getting-started.md | 60 +++++++++---------- helmfile/environments/default/resources.yaml | 4 +- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/docs/enhanced-configuration/self-signed-certificates.md b/docs/enhanced-configuration/self-signed-certificates.md index be72c4b6..05d0ad26 100644 --- a/docs/enhanced-configuration/self-signed-certificates.md +++ b/docs/enhanced-configuration/self-signed-certificates.md @@ -90,7 +90,7 @@ multiple namespaces in a cluster. commonName: opendesk.eu secretName: opendesk-root-cert-secret subject: - organizations: "openDesk cluster root certificate organization" + organizations: [ "openDesk cluster root certificate organization" ] privateKey: algorithm: ECDSA size: 256 diff --git a/docs/getting-started.md b/docs/getting-started.md index 2b6ae354..879d3596 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -59,16 +59,16 @@ For the following guide, we will use `dev` as environment where variables can be The deployment is designed to deploy each application/service under a dedicated subdomain. For your convenience, we recommend creating a `*.domain.tld` A-Record to your cluster ingress controller; otherwise, you must create an A-Record for each subdomain. -| Record name                   | Type | Value                                              | Additional information                                           | -|-------------------------------|------|----------------------------------------------------|------------------------------------------------------------------| -| *.domain.tld                  | A    | IPv4 address of your Ingress Controller            |                                                                  | -| *.domain.tld                  | AAAA | IPv6 address of your Ingress Controller            |                                                                  | -| mail.domain.tld               | A    | IPv4 address of your postfix NodePort/LoadBalancer | Optional mail should directly be delivered to openDesk's Postfix | -| mail.domain.tld               | AAAA | IPv6 address of your postfix NodePort/LoadBalancer | Optional mail should directly be delivered to openDesk's Postfix | -| domain.tld                    | MX   | `10 mail.domain.tld` |                                                                  | -| domain.tld                    | TXT  | `v=spf1 +a +mx +a:mail.domain.tld ~all` | Optional, use proper MTA record if present                       | -| _dmarc.domain.tld             | TXT  | `v=DMARC1; p=quarantine` | Optional                                                         | -| default._domainkey.domain.tld | TXT  | `v=DKIM1; k=rsa; h=sha256; ...` | Optional DKIM settings                                           | +| Record name | Type | Value | Additional information | +| ----------------------------- | ---- | -------------------------------------------------- | ---------------------------------------------------------------- | +| *.domain.tld | A | IPv4 address of your Ingress Controller | | +| *.domain.tld | AAAA | IPv6 address of your Ingress Controller | | +| mail.domain.tld | A | IPv4 address of your postfix NodePort/LoadBalancer | Optional mail should directly be delivered to openDesk's Postfix | +| mail.domain.tld | AAAA | IPv6 address of your postfix NodePort/LoadBalancer | Optional mail should directly be delivered to openDesk's Postfix | +| domain.tld | MX | `10 mail.domain.tld` | | +| domain.tld | TXT | `v=spf1 +a +mx +a:mail.domain.tld ~all` | Optional, use proper MTA record if present | +| _dmarc.domain.tld | TXT | `v=DMARC1; p=quarantine` | Optional | +| default._domainkey.domain.tld | TXT | `v=DKIM1; k=rsa; h=sha256; ...` | Optional DKIM settings | ## Domain @@ -99,27 +99,27 @@ export DOMAIN=domain.tld All available apps and their default value are in `helmfile/environments/default/workplace.yaml`. -| Component            | Name                        | Default | Description                    | +| Component | Name | Default | Description | | -------------------- | --------------------------- | ------- | ------------------------------ | -| Certificates         | `certificates.enabled` | `true` | TLS certificates               | -| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine               | -| ClamAV (Simple)      | `clamavSimple.enabled` | `true` | Antivirus engine               | -| Collabora            | `collabora.enabled` | `true` | Weboffice                      | -| CryptPad             | `cryptpad.enabled` | `true` | Weboffice                      | -| Dovecot              | `dovecot.enabled` | `true` | Mail backend                   | -| Element              | `element.enabled` | `true` | Secure communications platform | -| Jitsi                | `jitsi.enabled` | `true` | Videoconferencing              | -| MariaDB              | `mariadb.enabled` | `true` | Database                       | -| Memcached            | `memcached.enabled` | `true` | Cache Database                 | -| MinIO                | `minio.enabled` | `true` | Object Storage                 | -| Nextcloud            | `nextcloud.enabled` | `true` | File share                     | -| Nubus                | `nubus.enabled` | `true` | Identity Management & Portal   | -| OpenProject          | `openproject.enabled` | `true` | Project management             | -| OX Appsuite          | `oxAppsuite.enabled` | `true` | Groupware                      | -| Postfix              | `postfix.enabled` | `true` | MTA                            | -| PostgreSQL           | `postgresql.enabled` | `true` | Database                       | -| Redis                | `redis.enabled` | `true` | Cache Database                 | -| XWiki                | `xwiki.enabled` | `true` | Knowledge management           | +| Certificates | `certificates.enabled` | `true` | TLS certificates | +| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | +| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | +| Collabora | `collabora.enabled` | `true` | Weboffice | +| CryptPad | `cryptpad.enabled` | `true` | Weboffice | +| Dovecot | `dovecot.enabled` | `true` | Mail backend | +| Element | `element.enabled` | `true` | Secure communications platform | +| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | +| MariaDB | `mariadb.enabled` | `true` | Database | +| Memcached | `memcached.enabled` | `true` | Cache Database | +| MinIO | `minio.enabled` | `true` | Object Storage | +| Nextcloud | `nextcloud.enabled` | `true` | File share | +| Nubus | `nubus.enabled` | `true` | Identity Management & Portal | +| OpenProject | `openproject.enabled` | `true` | Project management | +| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | +| Postfix | `postfix.enabled` | `true` | MTA | +| PostgreSQL | `postgresql.enabled` | `true` | Database | +| Redis | `redis.enabled` | `true` | Cache Database | +| XWiki | `xwiki.enabled` | `true` | Knowledge management | Exemplary, Jitsi can be disabled like: diff --git a/helmfile/environments/default/resources.yaml b/helmfile/environments/default/resources.yaml index b9cf1794..cc36b8b1 100644 --- a/helmfile/environments/default/resources.yaml +++ b/helmfile/environments/default/resources.yaml @@ -96,7 +96,7 @@ resources: cpu: 99 memory: "128Mi" requests: - cpu: "10m" + cpu: 0.01 memory: "48Mi" # The jifico and jvb containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption. jvb: @@ -377,7 +377,7 @@ resources: cpu: 99 memory: "4Gi" requests: - cpu: 1 + cpu: 0.5 memory: "256Mi" synapseWeb: limits: