Compare commits

...

4 Commits

Author SHA1 Message Date
Franz Kuntke
4ceed617cf Merge branch 'kuntke/size-profiles' into 'develop'
Draft: feat(size-profiles): Add size profiles

See merge request bmi/opendesk/deployment/opendesk!1122
2025-12-05 16:15:34 +00:00
Franz Kuntke
10b1ab0cb6 feat(size-profiles): Size profile overrides via helmfile selectable 2025-12-05 17:11:32 +01:00
Franz Kuntke
8dc3cbfe17 docs(size-profiles): Add hardware requirements section 2025-12-05 12:05:28 +01:00
Franz Kuntke
549e2bb01a feat(size-profiles): Add size profiles 2025-12-05 10:06:23 +01:00
16 changed files with 3905 additions and 0 deletions

@@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0
<h1>Scaling</h1> <h1>Scaling</h1>
This document covers the possibilities to scale the applications in openDesk. This document covers the possibilities to scale the applications in openDesk.
You may also want to review the prepared [size profiles](./size-profiles.md).
It provides rough benchmarks for configuring your own environment across various scale levels. It provides rough benchmarks for configuring your own environment across various scale levels.
In production, resource demands are primarily driven by actual usage patterns and system load, especially the number of concurrently active users. In production, resource demands are primarily driven by actual usage patterns and system load, especially the number of concurrently active users.
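Review bot: The added sentence about the size profiles is placed between "This document covers the possibilities to scale…" and "It provides rough benchmarks…", so "It" can now be read as referring to the size profiles instead of this document. Move the new sentence below that paragraph, or start the following sentence with "This document provides".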
@@ -25,6 +26,7 @@ Consequently, we strongly recommend implementing monitoring and logging solution
[^1]: Nextcloud is configured for attachment storage as well. [^1]: Nextcloud is configured for attachment storage as well.
# Upstream information # Upstream information
While scaling services horizontally is the ideal solution, information about vertical scaling is helpful While scaling services horizontally is the ideal solution, information about vertical scaling is helpful

docs/size-profiles.md Normal file
@@ -0,0 +1,49 @@
<!--
SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
-->
<h1>Size Profiles</h1>
This repository contains base profiles for the following maximum user counts:
- 500
- 5,000 (5k)
- 50,000 (50k)
- 100,000 (100k)
# Assumptions
These profiles were created with some assumptions in mind:
- Regular load without application-specific emphasis
- 10% concurrent user load at max on individual applications
As user profiles can vary significantly between different instances, you may want to adjust these values.
For information on adjusting values, refer to the [scaling](./scaling.md) documentation for openDesk.
# Hardware Requirements
The following table provides an overview of CPU and memory requirements, including [external services](./external-services.md).
The available memory in the cluster should be between the request and limit values. Actual memory utilization varies depending on usage patterns but will unlikely consume the complete setup limit.
| **Profile** | CPUs | Memory (Gi), request | Memory (Gi), limit |
|-------------|------|----------------------|--------------------|
| **500** | >25 | 32 | 141 |
| **5k** | >54 | 86 | 551 |
| **50k** | >206 | 422 | 2058 |
| **100k** | >336 | 711 | 3418 |
# Location
`/helmfile/environments/default-size-<max-user-profile>-overrides/`
# Deployment
Set the environment variable `SIZE_PROFILE` to `500`, `5k`, `50k`, or `100k` when using helmfile to use one profile.
# Notes
The size profiles contain resource definitions for [external services](./external-services.md) that can be used as guidance for production-grade service requirements.
Large and very large instances (50k and 100k) also require more allowed concurrent connections (`max_connections`) on the databases (especially PostgreSQL) than the default value (100).
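Review bot: The Notes section says the 50k and 100k profiles need more `max_connections` than the default (100) but gives neither a recommended value nor the place to set it, so an operator following this page alone can roll out a large profile and run into connection exhaustion on PostgreSQL. State a per-profile value or link to the relevant database setting. The Deployment section should also say what happens when `SIZE_PROFILE` is unset or holds any value other than the four listed.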

@@ -8,12 +8,30 @@ environments:
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }} {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
- "../../environments/default-enterprise-overrides/*.yaml.gotmpl" - "../../environments/default-enterprise-overrides/*.yaml.gotmpl"
{{- end }} {{- end }}
{{- if eq (env "SIZE_PROFILE") "500" }}
- "../../environments/default-size-500-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "5k" }}
- "../../environments/default-size-5k-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "50k" }}
- "../../environments/default-size-50k-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "100k" }}
- "../../environments/default-size-100k-overrides/*.yaml.gotmpl"
{{- end }}
dev: dev:
values: values:
- "../../environments/default/*.yaml.gotmpl" - "../../environments/default/*.yaml.gotmpl"
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }} {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
- "../../environments/default-enterprise-overrides/*.yaml.gotmpl" - "../../environments/default-enterprise-overrides/*.yaml.gotmpl"
{{- end }} {{- end }}
{{- if eq (env "SIZE_PROFILE") "500" }}
- "../../environments/default-size-500-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "5k" }}
- "../../environments/default-size-5k-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "50k" }}
- "../../environments/default-size-50k-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "100k" }}
- "../../environments/default-size-100k-overrides/*.yaml.gotmpl"
{{- end }}
- "../../environments/dev/*.yaml.gotmpl" - "../../environments/dev/*.yaml.gotmpl"
test: test:
values: values:
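Review bot: The `if`/`else if` chain on `SIZE_PROFILE` has no final `else`, so any value outside `500`, `5k`, `50k` and `100k` (a typo such as `5K`, for example) silently loads no size overrides and the deployment proceeds with default sizing. Add a last branch that aborts rendering when `SIZE_PROFILE` is non-empty but unrecognised, so an undersized environment is caught at template time and not under load.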
@@ -21,6 +39,15 @@ environments:
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }} {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
- "../../environments/default-enterprise-overrides/*.yaml.gotmpl" - "../../environments/default-enterprise-overrides/*.yaml.gotmpl"
{{- end }} {{- end }}
{{- if eq (env "SIZE_PROFILE") "500" }}
- "../../environments/default-size-500-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "5k" }}
- "../../environments/default-size-5k-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "50k" }}
- "../../environments/default-size-50k-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "100k" }}
- "../../environments/default-size-100k-overrides/*.yaml.gotmpl"
{{- end }}
- "../../environments/test/*.yaml.gotmpl" - "../../environments/test/*.yaml.gotmpl"
prod: prod:
values: values:
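Review bot: In the `test` block the size overrides are listed after `default-enterprise-overrides` and before `../../environments/test/*.yaml.gotmpl`, and that position decides which file wins when two of them set the same key, yet the intended precedence is not stated in this change. Add a short comment here, or a sentence in `docs/size-profiles.md`, saying that environment-specific files still override the size profile and that the size profile overrides the enterprise defaults, if that is what is meant.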
@@ -28,5 +55,14 @@ environments:
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }} {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
- "../../environments/default-enterprise-overrides/*.yaml.gotmpl" - "../../environments/default-enterprise-overrides/*.yaml.gotmpl"
{{- end }} {{- end }}
{{- if eq (env "SIZE_PROFILE") "500" }}
- "../../environments/default-size-500-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "5k" }}
- "../../environments/default-size-5k-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "50k" }}
- "../../environments/default-size-50k-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "100k" }}
- "../../environments/default-size-100k-overrides/*.yaml.gotmpl"
{{- end }}
- "../../environments/prod/*.yaml.gotmpl" - "../../environments/prod/*.yaml.gotmpl"
... ...
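Review bot: This is the fourth copy of the same nine-line `SIZE_PROFILE` block, one per environment, so adding or renaming a profile needs four edits that have to stay in sync. Consider generating the entry once from a fixed list of allowed profile names and reusing it in every environment; that keeps the allow-list behaviour of the current chain while removing the duplication.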

@@ -0,0 +1,69 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
persistence:
# Will be used as default if not otherwise define on the component level
storageClassNames:
RWX: ""
RWO: ""
storages:
cassandra:
size: "300Gi"
commitLogsize: "8Gi"
storageClassName: ~
clamav:
size: "1Gi"
storageClassName: ~
dovecot:
size: "1200Gi"
storageClassName: ~
mariadb:
size: "320Gi"
storageClassName: ~
matrixNeoDateFixBot:
size: "1Gi"
storageClassName: ~
minio:
size: "2500Gi" # Open-Xchange: "10000Gi", with just 100Mi per user + OpenProject: "4000Gi" + Nextcloud: "10000Gi", with just 100Mi per user + Nubus: "50Gi" + Notes: "50Gi"
storageClassName: ~
nubusLdapServerData:
size: "25Gi"
storageClassName: ~
nubusPortalConsumer:
size: "25Gi"
storageClassName: ~
nubusProvisioningNats:
size: "25Gi"
storageClassName: ~
# This option was introduced with openDesk 1.6. For now we want to use the Helm charts default empty string
# to avoid issues during the upgrade modifying an existing PV, as the migrations in 1.6 required a smooth
# Nubus deployment.
# In a later openDesk release we will advise in the migrations.md to explicitly set this on existing deployments
# to the default storage class.
nubusUdmListener:
size: "1Gi"
#storageClassName: ""
oxConnector:
size: "1Gi"
# This value is not passed on to the related Helm chart yet, but required for linting purposes.
storageClassName: ~
postfix:
size: "50Gi"
storageClassName: ~
postgresql:
size: "1000Gi"
storageClassName: ~
prosody:
size: "1Gi"
storageClassName: ~
redis:
size: "75Gi"
storageClassName: ~
synapse:
size: "10000Gi" # just 100Mi per user
storageClassName: ~
xwiki:
size: "50Gi"
storageClassName: ~
...
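Review bot: The `minio` entry sets `size: "2500Gi"`, but the breakdown in its trailing comment (10000Gi + 4000Gi + 10000Gi + 50Gi + 50Gi) adds up to 24100Gi, roughly ten times the configured value. Either the size or the comment is wrong; please correct whichever it is, because the comment is the only stated basis for the number. The comment above `storageClassNames` also reads "if not otherwise define" and should be "defined".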

@@ -0,0 +1,230 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
replicas:
## Note: Databases should be deployed separately
# -- component: Cassandra
# -- scalable: tbd
cassandra: 3
# -- component: Persistence Layer
# -- scalable: false
mariadb: 1
# -- scalable: false
memcached: 1
# -- scalable: true
minio: 1
# -- scalable: false
postgres: 1
# -- scalable: tbd
redis: 1
# ClamAV
# -- component: Antivirus (ClamAV)
# -- scalable: true
# -- comment: clamav-simple - supports `ReadWriteOnce` PVCs.
clamav: 3
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
clamd: 3
# -- scalable: true
# -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files
# centrally an should be a singleton.
freshclam: 1
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
icap: 3
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
milter: 3
# IAM / Nubus
# -- component: IAM (Nubus)
# -- scalable: true
intercomService: 1
# -- scalable: true
keycloak: 5
# -- scalable: false
oxConnector: 1
# -- scalable: tbd
umsGuardianAuthorizationApi: 1
# -- scalable: tbd
umsGuardianManagementApi: 1
# -- scalable: tbd
umsGuardianManagementUi: 1
# -- scalable: tbd
umsGuardianOpenPolicyAgent: 1
# -- scalable: false
# -- comment: Should not be scaled, is an async process.
umsKeycloakExtensionsHandler: 1
# -- scalable: true
umsKeycloakExtensionsProxy: 1
# -- scalable: tbd
umsLdapNotifier: 1
# -- scalable: true
# -- comment: Please find details on the following `umsLdapServer*` entries in the upstream documentation:
# https://docs.software-univention.de/nubus-kubernetes-operation/latest/en/configuration/ldap.html#directory-service-high-availability-and-scalability
umsLdapServerPrimary: 2
# -- scalable: true
umsLdapServerSecondary: 8
# -- scalable: true
# -- comment: The LDAP proxy is only required in situations where there are clients outside of UDM writing into the
# LDAP like Samba. This is not a use case within openDesk so the LDAP Proxy's replica count should be kept at `0`
umsLdapServerProxy: 0
# -- scalable: tbd
umsNotificationsApi: 2
# -- scalable: true
umsPortalFrontend: 8
# -- scalable: false
umsPortalConsumer: 1
# -- scalable: true
umsPortalServer: 20
# -- scalable: tdb
umsProvisioningApi: 1
# -- scalable: false
umsProvisioningDispatcher: 1
# -- scalable: tdb
umsProvisioningNats: 1
# -- scalable: tdb
umsProvisioningPrefill: 1
# -- scalable: false
umsProvisioningUdmTransformer: 1
# -- scalable: tbd
umsSelfserviceConsumer: 1
# -- scalable: true
umsUdmListener: 1
# -- scalable: tbd
umsUdmRestApi: 8
# -- scalable: tbd
umsUmcGateway: 1
# -- scalable: tbd
umsUmcServer: 16
# -- scalable: tbd
umsUmcServerProxy: 1
# -- scalable: true
nginxS3Gateway: 1
# Nextcloud
# -- component: Filestore (Nextcloud)
# -- scalable: true
nextcloud: 12
# -- scalable: true
nextcloudNotifyPush: 1
# -- scalable: true
nextcloudExporter: 1
# Collabora:
# -- component: Weboffice (Collabora)
# -- scalable: true
# -- comment: If Collabora Controller is enabled, Collabora is autoscaling and the value below will be ignored.
# Please check `enterpriseFeatures.collabora.autoscaling` for autoscaling settings.
collabora: 50
# -- scalable: true
# -- comment: Load between Collabora Controller Pods is going to one Pod (the leader) only, therefore raise the number
# e.g. to `2` for high availability of the Collabora Controller.
collaboraController: 1
# Cryptpad
# -- component: Pad (CryptPad)
# -- scalable: false
cryptpad: 1
# OX App Suite
# -- component: Groupware (OX AppSuite, OX Dovecot etc.)
# -- scalable: false
# -- comment: Scalable in openDesk Enterprise only
dovecot: 1
# -- component: Groupware (OX App Suite)
# -- scalable: tbd
openxchangeCoreDocumentConverter: 1
# -- scalable: tbd
openxchangeCoreGuidedtours: 1
# -- scalable: tbd
openxchangeCoreImageConverter: 1
# -- scalable: tbd
openxchangeCoreMW: 17
# -- scalable: tbd
openxchangeCoreUI: 1
# -- scalable: tbd
openxchangeCoreUIMiddleware: 2
# -- scalable: tbd
openxchangeCoreUserGuide: 1
# -- scalable: tbd
openxchangeGotenberg: 1
# -- scalable: tbd
openxchangeGuardUI: 1
# -- scalable: tbd
openxchangeNextcloudIntegrationUI: 1
# -- scalable: tbd
openxchangePluginsUI: 1
# -- scalable: tbd
openxchangePublicSectorUI: 1
# -- component: Project management (OpenProject)
# -- scalable: true
openprojectWeb: 53 # max 10'000 active users / 1'500 active users per 8 web workers = ~53 web workers
# -- scalable: true
# -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). Check
# https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/ for details, as e.g.
# dedicated workers for specific queues are possible with OpenProject.
openprojectWorker: 26 # max 10'000 active users / 1'500 active users per 4 background workers = ~26 web workers
# -- component: Knowledge management (XWiki)
# -- scalable: false
xwiki: 1 # currently just vertial scaling
# -- component: Chat (Element, Synapse)
# -- scalable: true
element: 9 # no information about that, but as it distributes the web client to the users' browsers, there should be some server running parallel
# -- scalable: tbd
matrixNeoBoardWidget: 1
# -- scalable: tbd
matrixNeoChoiceWidget: 1
# -- scalable: tbd
matrixNeoDateFixBot: 1
# -- scalable: tbd
matrixNeoDateFixWidget: 1
# -- scalable: tbd
matrixUserVerificationService: 1
# -- scalable: tbd
synapse: 24
# -- scalable: true
synapseWeb: 3 # no information about that, but as HAproxy, a redundant setup should be senseful in larger deployments
# -- scalable: true
wellKnown: 1
# -- component: Note taking (Notes) # No experience so far regarding heavy load (?), 10 replicas just a guess, atm
# -- scalable: true
notesBackend: 50
# -- scalable: true
notesFrontend: 10
# -- scalable: true
notesYProvider: 50
# Jitsi
# Current Helm Chart does only support one shard; shard can handle up to 1500 concurrent user
# -- component: Video conference (Jitsi)
# -- scalable: tbd
jibri: 1
# -- scalable: tbd
jicofo: 1
# -- scalable: tbd
jigasi: 1
# -- scalable: tbd
jitsi: 1
# -- scalable: tbd
jitsiKeycloakAdapter: 1
# -- scalable: tbd
jvb: 15 # 15 jvb maximum per shard; each jvb with up to 8Gi memory
# Jitsi
# 3 shards, each for up to 4000 concurrent users
...
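Review bot: The Jitsi comments contradict each other: the block header says "Current Helm Chart does only support one shard; shard can handle up to 1500 concurrent user", while the trailing comment after `jvb: 15` says "3 shards, each for up to 4000 concurrent users" and is followed by no key at all. Remove the dangling trailing comment or reconcile the two statements, and say which capacity the `jvb: 15` value is based on. Smaller points in the same file: the `openprojectWorker` comment ends with "web workers" although it counts background workers, the Notes comment says "10 replicas just a guess" while `notesBackend` and `notesYProvider` are set to 50, and several `scalable:` markers are spelled `tdb`.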

@@ -0,0 +1,655 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
resources:
cassandra:
limits:
cpu: 99
memory: "26Gi"
requests:
cpu: 1
memory: "1Gi"
clamd:
limits:
cpu: 99
memory: "16Gi"
requests:
cpu: 2
memory: "2Gi"
collabora:
# without autoscaling:
limits:
cpu: 99
memory: "26Gi"
requests:
cpu: 4
memory: "8Gi"
## with autoscaling:
#limits:
# cpu: 4
# memory: "8Gi"
#requests:
# cpu: 4
# memory: "8Gi"
collaboraController:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.5
memory: "256Mi"
cryptpad:
limits:
cpu: 99
memory: "8Gi"
requests:
cpu: 0.1
memory: "512Mi"
dkimpy:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "128Mi"
dovecot:
limits:
cpu: 8
memory: "26Gi"
requests:
cpu: 1
memory: "1Gi"
element:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
freshclam:
limits:
cpu: 8
memory: "1Gi"
requests:
cpu: 0.5
memory: "512Mi"
icap:
limits:
cpu: 8
memory: "512Mi"
requests:
cpu: 0.5
memory: "128Mi"
intercomService:
limits:
cpu: 2
memory: "1Gi"
requests:
cpu: 0.5
memory: "128Mi"
# The Jibri container requires 2Gi /dev/shm so we need a limit based on the expected memory consumption of the
# service plus the 2Gi /dev/shm
jibri:
limits:
cpu: 99
memory: "3Gi"
requests:
cpu: 0.1
memory: "384Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jicofo:
limits:
cpu: 99
memory: "3584Mi"
requests:
cpu: 0.1
memory: "256Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jigasi:
limits:
cpu: 99
memory: "3584Mi"
requests:
cpu: 0.1
memory: "256Mi"
jitsi:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "32Mi"
jitsiKeycloakAdapter:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.01
memory: "48Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jvb:
limits:
cpu: 99
memory: "8Gi"
requests:
cpu: 0.5
memory: "1Gi"
mariadb:
limits:
cpu: 99
memory: "108Gi"
requests:
cpu: 1
memory: "4Gi"
matrixNeoBoardWidget:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixNeoChoiceWidget:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixNeoDateFixBot:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "128Mi"
matrixNeoDateFixWidget:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixUserVerificationService:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "128Mi"
memcached:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
milter:
limits:
cpu: 99
memory: "96Mi"
requests:
cpu: 0.1
memory: "16Mi"
minio:
limits:
cpu: 8
memory: "8Gi"
requests:
cpu: 1.5
memory: "2Gi"
nextcloud:
limits:
cpu: 11
memory: "40Gi"
requests:
cpu: 2
memory: "8Gi"
nextcloudCron:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "512Mi"
nextcloudExporter:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "32Mi"
nextcloudNotifyPush:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "512Mi"
nginxS3Gateway:
limits:
cpu: 99
memory: "64Mi"
requests:
cpu: "100m"
memory: "16Mi"
notesBackend:
limits:
cpu: 99
memory: "3Gi"
requests:
cpu: 0.1
memory: "768Mi"
notesFrontend:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "32Mi"
notesYProvider:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "200Mi"
opendeskKeycloakBootstrap:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "256Mi"
opendeskStaticFiles:
limits:
cpu: 99
memory: "64Mi"
requests:
cpu: 0.01
memory: "16Mi"
openproject:
limits:
cpu: 99
memory: "3Gi"
requests:
cpu: 0.1
memory: "768Mi"
openprojectDbInit:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectAppInit:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectSeederJob:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectWorkers:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 0.25
memory: "512Mi"
openxchangeCoreDocumentConverter:
limits:
cpu: 2
memory: "6Gi"
requests:
cpu: 0.25
memory: "1.25Gi"
openxchangeCoreGuidedtours:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeCoreImageConverter:
limits:
cpu: 2
memory: "6Gi"
requests:
cpu: 0.5
memory: "1.25Gi"
openxchangeCoreMW:
limits:
cpu: 4
memory: "16Gi"
requests:
cpu: 1
memory: "1.25Gi"
openxchangeCoreUI:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeCoreUIMiddleware:
limits:
cpu: 1
memory: "1536Mi"
requests:
cpu: 0.5
memory: "192Mi"
openxchangeCoreUIMiddlewareUpdater:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.5
memory: "192Mi"
openxchangeCoreUserGuide:
limits:
cpu: 1
memory: "128Mi"
requests:
cpu: 0.02
memory: "32Mi"
openxchangeGotenberg:
limits:
cpu: 1
memory: "512Mi"
requests:
cpu: 0.05
memory: "32Mi"
openxchangeGuardUI:
limits:
cpu: 1
memory: "512Mi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeNextcloudIntegrationUI:
limits:
cpu: 1
memory: "512Mi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangePluginsUI:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.05
memory: "32Mi"
openxchangePublicSectorUI:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.01
memory: "32Mi"
oxConnector:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 0.1
memory: "1Gi"
postfix:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "16Mi"
postgresql:
limits:
cpu: 99
memory: "1098Gi" # Element: "230Gi" + Nextcloud: "516Gi" + OpenProject: "96Gi" + XWiki: "256Gi"
requests:
cpu: 10
memory: "128Gi"
prosody:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "32Mi"
redis:
limits:
cpu: 16
memory: "63Gi"
requests:
cpu: 2
memory: "4Gi"
synapse:
limits:
cpu: 99
memory: "16Gi"
requests:
cpu: 1
memory: "2Gi"
synapseWeb:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "64Mi"
umsGuardianManagementApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsGuardianManagementUi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsGuardianAuthorizationApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsKeycloak:
limits:
cpu: 99
memory: "2Gi"
requests:
cpu: 0.1
memory: "512Mi"
umsKeycloakBootstrap:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "256Mi"
umsKeycloakExtensionHandler:
limits:
cpu: 8
memory: "1Gi"
requests:
cpu: 0.2
memory: "250Mi"
umsKeycloakExtensionProxy:
limits:
cpu: 8
memory: "1Gi"
requests:
cpu: 0.2
memory: "250Mi"
umsLdapNotifier:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsLdapServer:
limits:
cpu: 8
memory: "4Gi"
requests:
cpu: 3
memory: "2Gi"
umsNotificationsApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalFrontend:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalConsumer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalConsumerDependencies:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalServer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "100Mi"
umsProvisioningDispatcher:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningPrefill:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningRegisterConsumers:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "64Mi"
umsProvisioningUdmTransformer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "64Mi"
umsProvisioningNats:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "128Mi"
umsSelfserviceConsumer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsStackDataUms:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsOpenPolicyAgent:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmListener:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmRestApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmRestApiInit:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUmcGateway:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUmcServer:
limits:
cpu: 2
memory: "2Gi"
requests:
cpu: 0.3
memory: "500Mi"
wellKnown:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
xwiki:
limits:
cpu: 99
memory: "192Gi"
requests:
cpu: 20
memory: "34Gi"
...
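Review bot: Most components in this file carry `limits.cpu: 99`, which on nodes with fewer cores is no CPU cap at all, so a single misbehaving pod can starve its neighbours, and the value reads like a placeholder next to the deliberate limits on `dovecot`, `nextcloud` or `redis`. Either set realistic per-component CPU limits or drop the limit and document that CPU is intentionally unbounded. Separately, the comment above `jvb` says the container is limited to 3.5Gi overall, but `jvb` has `memory: "8Gi"` as its limit; the comment was copied from `jicofo`/`jigasi` and should be adjusted.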

@@ -0,0 +1,69 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
persistence:
# Will be used as default if not otherwise define on the component level
storageClassNames:
RWX: ""
RWO: ""
storages:
cassandra:
size: "10Gi"
commitLogsize: "2560Mi"
storageClassName: ~
clamav:
size: "1Gi"
storageClassName: ~
dovecot:
size: "10Gi"
storageClassName: ~
mariadb:
size: "5Gi"
storageClassName: ~
matrixNeoDateFixBot:
size: "1Gi"
storageClassName: ~
minio:
size: "122Gi" # Open-Xchange: "50Gi", with just 100Mi per user + OpenProject: "20Gi" + Nextcloud: "50Gi", with just 100Mi per user + Nubus: "1Gi" + Notes: "1Gi"
storageClassName: ~
nubusLdapServerData:
size: "1Gi"
storageClassName: ~
nubusPortalConsumer:
size: "1Gi"
storageClassName: ~
nubusProvisioningNats:
size: "1Gi"
storageClassName: ~
# This option was introduced with openDesk 1.6. For now we want to use the Helm charts default empty string
# to avoid issues during the upgrade modifying an existing PV, as the migrations in 1.6 required a smooth
# Nubus deployment.
# In a later openDesk release we will advise in the migrations.md to explicitly set this on existing deployments
# to the default storage class.
nubusUdmListener:
size: "1Gi"
#storageClassName: ""
oxConnector:
size: "1Gi"
# This value is not passed on to the related Helm chart yet, but required for linting purposes.
storageClassName: ~
postfix:
size: "1Gi"
storageClassName: ~
postgresql:
size: "5Gi"
storageClassName: ~
prosody:
size: "1Gi"
storageClassName: ~
redis:
size: "1Gi"
storageClassName: ~
synapse:
size: "50Gi" # just 100Mi per user
storageClassName: ~
xwiki:
size: "5Gi"
storageClassName: ~
...
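Review bot: The comment above `storageClassNames` reads "if not otherwise define on the component level"; it should be "defined". The `minio` breakdown in this file does add up to the configured `122Gi`, so only the wording needs a fix here.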

@@ -0,0 +1,227 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
replicas:
## Note: Databases should be deployed separately
# -- component: Cassandra
# -- scalable: tbd
cassandra: 1
# -- component: Persistence Layer
# -- scalable: false
mariadb: 1
# -- scalable: false
memcached: 1
# -- scalable: true
minio: 1
# -- scalable: false
postgres: 1
# -- scalable: tbd
redis: 1
# ClamAV
# -- component: Antivirus (ClamAV)
# -- scalable: true
# -- comment: clamav-simple - supports `ReadWriteOnce` PVCs.
clamav: 1
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
clamd: 1
# -- scalable: true
# -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files
# centrally an should be a singleton.
freshclam: 1
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
icap: 1
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
milter: 1
# IAM / Nubus
# -- component: IAM (Nubus)
# -- scalable: true
intercomService: 1
# -- scalable: true
keycloak: 1
# -- scalable: false
oxConnector: 1
# -- scalable: tbd
umsGuardianAuthorizationApi: 1
# -- scalable: tbd
umsGuardianManagementApi: 1
# -- scalable: tbd
umsGuardianManagementUi: 1
# -- scalable: tbd
umsGuardianOpenPolicyAgent: 1
# -- scalable: false
# -- comment: Should not be scaled, is an async process.
umsKeycloakExtensionsHandler: 1
# -- scalable: true
umsKeycloakExtensionsProxy: 1
# -- scalable: tbd
umsLdapNotifier: 1
# -- scalable: true
# -- comment: Please find details on the following `umsLdapServer*` entries in the upstream documentation:
# https://docs.software-univention.de/nubus-kubernetes-operation/latest/en/configuration/ldap.html#directory-service-high-availability-and-scalability
umsLdapServerPrimary: 1
# -- scalable: true
umsLdapServerSecondary: 1
# -- scalable: true
# -- comment: The LDAP proxy is only required in situations where there are clients outside of UDM writing into the
# LDAP like Samba. This is not a use case within openDesk so the LDAP Proxy's replica count should be kept at `0`
umsLdapServerProxy: 0
# -- scalable: tbd
umsNotificationsApi: 1
# -- scalable: true
umsPortalFrontend: 1
# -- scalable: false
umsPortalConsumer: 1
# -- scalable: true
umsPortalServer: 1
# -- scalable: tdb
umsProvisioningApi: 1
# -- scalable: false
umsProvisioningDispatcher: 1
# -- scalable: tdb
umsProvisioningNats: 1
# -- scalable: tdb
umsProvisioningPrefill: 1
# -- scalable: false
umsProvisioningUdmTransformer: 1
# -- scalable: tbd
umsSelfserviceConsumer: 1
# -- scalable: true
umsUdmListener: 1
# -- scalable: tbd
umsUdmRestApi: 1
# -- scalable: tbd
umsUmcGateway: 1
# -- scalable: tbd
umsUmcServer: 1
# -- scalable: tbd
umsUmcServerProxy: 1
# -- scalable: true
nginxS3Gateway: 1
# Nextcloud
# -- component: Filestore (Nextcloud)
# -- scalable: true
nextcloud: 1
# -- scalable: true
nextcloudNotifyPush: 1
# -- scalable: true
nextcloudExporter: 1
# Collabora:
# -- component: Weboffice (Collabora)
# -- scalable: true
# -- comment: If Collabora Controller is enabled, Collabora is autoscaling and the value below will be ignored.
# Please check `enterpriseFeatures.collabora.autoscaling` for autoscaling settings.
collabora: 1
# -- scalable: true
# -- comment: Load between Collabora Controller Pods is going to one Pod (the leader) only, therefore raise the number
# e.g. to `2` for high availability of the Collabora Controller.
collaboraController: 1
# Cryptpad
# -- component: Pad (CryptPad)
# -- scalable: false
cryptpad: 1
# OX App Suite
# -- component: Groupware (OX AppSuite, OX Dovecot etc.)
# -- scalable: false
# -- comment: Scalable in openDesk Enterprise only
dovecot: 1
# -- component: Groupware (OX App Suite)
# -- scalable: tbd
openxchangeCoreDocumentConverter: 1
# -- scalable: tbd
openxchangeCoreGuidedtours: 1
# -- scalable: tbd
openxchangeCoreImageConverter: 1
# -- scalable: tbd
openxchangeCoreMW: 1
# -- scalable: tbd
openxchangeCoreUI: 1
# -- scalable: tbd
openxchangeCoreUIMiddleware: 1
# -- scalable: tbd
openxchangeCoreUserGuide: 1
# -- scalable: tbd
openxchangeGotenberg: 1
# -- scalable: tbd
openxchangeGuardUI: 1
# -- scalable: tbd
openxchangeNextcloudIntegrationUI: 1
# -- scalable: tbd
openxchangePluginsUI: 1
# -- scalable: tbd
openxchangePublicSectorUI: 1
# -- component: Project management (OpenProject)
# -- scalable: true
openprojectWeb: 1 # max 50 active users
# -- scalable: true
# -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). Check
# https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/ for details, as e.g.
# dedicated workers for specific queues are possible with OpenProject.
openprojectWorker: 1 # max 50 active users
# -- component: Knowledge management (XWiki)
# -- scalable: false
xwiki: 1 # currently just vertial scaling (resources)
# -- component: Chat (Element, Synapse)
# -- scalable: true
element: 1 # no information about that, but as it distributes the web client to the users' browsers, there should be some server running parallel
# -- scalable: tbd
matrixNeoBoardWidget: 1
# -- scalable: tbd
matrixNeoChoiceWidget: 1
# -- scalable: tbd
matrixNeoDateFixBot: 1
# -- scalable: tbd
matrixNeoDateFixWidget: 1
# -- scalable: tbd
matrixUserVerificationService: 1
# -- scalable: tbd
synapse: 1
# -- scalable: true
synapseWeb: 1 # no information about that, but as HAproxy, a redundant setup should be senseful in larger deployments
# -- scalable: true
wellKnown: 1
# -- component: Note taking (Notes) # No experience so far regarding heavy load (?), 10 replicas just a guess, atm
# -- scalable: true
notesBackend: 1
# -- scalable: true
notesFrontend: 1
# -- scalable: true
notesYProvider: 1
# Jitsi
# -- component: Video conference (Jitsi)
# -- scalable: tbd
jibri: 1
# -- scalable: tbd
jicofo: 1
# -- scalable: tbd
jigasi: 1
# -- scalable: tbd
jitsi: 1
# -- scalable: tbd
jitsiKeycloakAdapter: 1
# -- scalable: tbd
jvb: 1
...
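Review bot: The Notes comment "10 replicas just a guess, atm" was carried over unchanged although `notesBackend`, `notesFrontend` and `notesYProvider` are all `1` in this file, so it now describes a value that is not there. Update or drop it, and while touching the file fix the `scalable: tdb` markers on `umsProvisioningApi`, `umsProvisioningNats` and `umsProvisioningPrefill` to `tbd` so a search for open items finds them.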

@@ -0,0 +1,655 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
resources:
cassandra:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 1
memory: "1Gi"
clamd:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 2
memory: "2Gi"
collabora:
# without autoscaling:
limits:
cpu: 99
memory: "8Gi"
requests:
cpu: 4
memory: "8Gi"
## with autoscaling:
#limits:
# cpu: 4
# memory: "8Gi"
#requests:
# cpu: 4
# memory: "8Gi"
collaboraController:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.5
memory: "256Mi"
cryptpad:
limits:
cpu: 99
memory: "2Gi"
requests:
cpu: 0.1
memory: "512Mi"
dkimpy:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "128Mi"
dovecot:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 1
memory: "1Gi"
element:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
freshclam:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "96Mi"
icap:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "16Mi"
intercomService:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "64Mi"
# The Jibri container requires 2Gi /dev/shm so we need a limit based on the expected memory consumption of the
# service plus the 2Gi /dev/shm
jibri:
limits:
cpu: 99
memory: "3Gi"
requests:
cpu: 0.1
memory: "384Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jicofo:
limits:
cpu: 99
memory: "3584Mi"
requests:
cpu: 0.1
memory: "256Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jigasi:
limits:
cpu: 99
memory: "3584Mi"
requests:
cpu: 0.1
memory: "256Mi"
jitsi:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "32Mi"
jitsiKeycloakAdapter:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.01
memory: "48Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jvb:
limits:
cpu: 99
memory: "8Gi"
requests:
cpu: 0.5
memory: "1Gi"
mariadb:
limits:
cpu: 99
memory: "8Gi"
requests:
cpu: 1
memory: "1Gi"
matrixNeoBoardWidget:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixNeoChoiceWidget:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixNeoDateFixBot:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "128Mi"
matrixNeoDateFixWidget:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixUserVerificationService:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "128Mi"
memcached:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
milter:
limits:
cpu: 99
memory: "96Mi"
requests:
cpu: 0.1
memory: "16Mi"
minio:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 1.5
memory: "512Mi"
nextcloud:
limits:
cpu: 1.5
memory: "8Gi"
requests:
cpu: 1
memory: "1Gi"
nextcloudCron:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "512Mi"
nextcloudExporter:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "32Mi"
nextcloudNotifyPush:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "512Mi"
nginxS3Gateway:
limits:
cpu: 99
memory: "64Mi"
requests:
cpu: "100m"
memory: "16Mi"
notesBackend:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "512Mi"
notesFrontend:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "32Mi"
notesYProvider:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "128Mi"
opendeskKeycloakBootstrap:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "256Mi"
opendeskStaticFiles:
limits:
cpu: 99
memory: "64Mi"
requests:
cpu: 0.01
memory: "16Mi"
openproject:
limits:
cpu: 99
memory: "3Gi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectDbInit:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectAppInit:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectSeederJob:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectWorkers:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 0.25
memory: "512Mi"
openxchangeCoreDocumentConverter:
limits:
cpu: 99
memory: "6Gi"
requests:
cpu: 0.25
memory: "1.25Gi"
openxchangeCoreGuidedtours:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeCoreImageConverter:
limits:
cpu: 99
memory: "6Gi"
requests:
cpu: 0.5
memory: "1.25Gi"
openxchangeCoreMW:
limits:
cpu: 99
memory: "15Gi"
requests:
cpu: 1
memory: "1.25Gi"
openxchangeCoreUI:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeCoreUIMiddleware:
limits:
cpu: 1
memory: "1536Mi"
requests:
cpu: 0.5
memory: "192Mi"
openxchangeCoreUIMiddlewareUpdater:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.5
memory: "192Mi"
openxchangeCoreUserGuide:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.02
memory: "32Mi"
openxchangeGotenberg:
limits:
cpu: 99
memory: "96Mi"
requests:
cpu: 0.05
memory: "32Mi"
openxchangeGuardUI:
limits:
cpu: 99
memory: "96Mi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeNextcloudIntegrationUI:
limits:
cpu: 99
memory: "96Mi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangePluginsUI:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.05
memory: "32Mi"
openxchangePublicSectorUI:
limits:
cpu: 99
memory: "96Mi"
requests:
cpu: 0.01
memory: "32Mi"
oxConnector:
limits:
cpu: 99
memory: "2Gi"
requests:
cpu: 0.1
memory: "256Mi"
postfix:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "16Mi"
postgresql:
limits:
cpu: 99
memory: "21Gi" # Element: "4Gi" + Nextcloud: "3Gi" + OpenProject: "8Gi" + XWiki: "6Gi"
requests:
cpu: 1
memory: "8Gi"
prosody:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "32Mi"
redis:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.5
memory: "128Mi"
synapse:
limits:
cpu: 99
memory: "11Gi"
requests:
cpu: 1
memory: "768Mi"
synapseWeb:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "64Mi"
umsGuardianManagementApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsGuardianManagementUi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsGuardianAuthorizationApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsKeycloak:
limits:
cpu: 99
memory: "2Gi"
requests:
cpu: 0.1
memory: "512Mi"
umsKeycloakBootstrap:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "256Mi"
umsKeycloakExtensionHandler:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "48Mi"
umsKeycloakExtensionProxy:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "48Mi"
umsLdapNotifier:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsLdapServer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsNotificationsApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalFrontend:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalConsumer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalConsumerDependencies:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalServer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "100Mi"
umsProvisioningDispatcher:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningPrefill:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningRegisterConsumers:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "64Mi"
umsProvisioningUdmTransformer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "64Mi"
umsProvisioningNats:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "128Mi"
umsSelfserviceConsumer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsStackDataUms:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsOpenPolicyAgent:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmListener:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmRestApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmRestApiInit:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUmcGateway:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUmcServer:
limits:
cpu: 2
memory: "2Gi"
requests:
cpu: 0.3
memory: "500Mi"
wellKnown:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
xwiki:
limits:
cpu: 99
memory: "8Gi"
requests:
cpu: 4
memory: "2Gi"
...
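
Review bot: almost every component sets `limits.cpu: 99`, which acts as "no limit" on any node with fewer than 99 cores; in this file only `nextcloud` (1.5), `openxchangeCoreUIMiddleware` (1) and `umsUmcServer` (2) are actually bounded. If the intent is to leave CPU uncapped, say so in a header comment, or omit the limit, so that nobody reads 99 as a sizing figure; if a cap is wanted, a runaway or compromised container can currently take all the CPU on its node. Also, the comment above `jvb` repeats the "limit it to 3.5Gi" note from `jicofo` and `jigasi`, but `jvb` is limited to `8Gi`, and `nginxS3Gateway` writes `cpu: "100m"` where every other entry uses the decimal form `0.1`.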

View File

@@ -0,0 +1,69 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
persistence:
# Will be used as default if not otherwise define on the component level
storageClassNames:
RWX: ""
RWO: ""
storages:
cassandra:
size: "150Gi"
commitLogsize: "8Gi"
storageClassName: ~
clamav:
size: "1Gi"
storageClassName: ~
dovecot:
size: "600Gi"
storageClassName: ~
mariadb:
size: "160Gi"
storageClassName: ~
matrixNeoDateFixBot:
size: "1Gi"
storageClassName: ~
minio:
size: "12050Gi" # Open-Xchange: "5000Gi", with just 100Mi per user + OpenProject: "2000Gi" + Nextcloud: "5000Gi", with just 100Mi per user + Nubus: "25Gi" + Notes: "25Gi"
storageClassName: ~
nubusLdapServerData:
size: "12Gi"
storageClassName: ~
nubusPortalConsumer:
size: "12Gi"
storageClassName: ~
nubusProvisioningNats:
size: "12Gi"
storageClassName: ~
# This option was introduced with openDesk 1.6. For now we want to use the Helm charts default empty string
# to avoid issues during the upgrade modifying an existing PV, as the migrations in 1.6 required a smooth
# Nubus deployment.
# In a later openDesk release we will advise in the migrations.md to explicitly set this on existing deployments
# to the default storage class.
nubusUdmListener:
size: "1Gi"
#storageClassName: ""
oxConnector:
size: "1Gi"
# This value is not passed on to the related Helm chart yet, but required for linting purposes.
storageClassName: ~
postfix:
size: "25Gi"
storageClassName: ~
postgresql:
size: "500Gi"
storageClassName: ~
prosody:
size: "1Gi"
storageClassName: ~
redis:
size: "38Gi"
storageClassName: ~
synapse:
size: "5000Gi" # just 100Mi per user
storageClassName: ~
xwiki:
size: "40Gi"
storageClassName: ~
...
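
Review bot: the size comments on `minio` and `synapse` justify the figures with "just 100Mi per user" but never state the user count; 5000Gi at 100Mi per user works out to 51,200 users, so please name the number of users this profile targets, in the file header, so that the sizes can be checked and adjusted. `nubusUdmListener` is the only entry without an active `storageClassName` key; the comment explains why, but it would help to say whether linting accepts the missing key, given that `oxConnector` keeps `storageClassName: ~` "for linting purposes". Minor: "if not otherwise define" should read "defined".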

View File

@@ -0,0 +1,228 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
replicas:
## Note: Databases should be deployed separately
# -- component: Cassandra
# -- scalable: tbd
cassandra: 3
# -- component: Persistence Layer
# -- scalable: false
mariadb: 1
# -- scalable: false
memcached: 1
# -- scalable: true
minio: 1
# -- scalable: false
postgres: 1
# -- scalable: tbd
redis: 1
# ClamAV
# -- component: Antivirus (ClamAV)
# -- scalable: true
# -- comment: clamav-simple - supports `ReadWriteOnce` PVCs.
clamav: 3
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
clamd: 3
# -- scalable: true
# -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files
# centrally an should be a singleton.
freshclam: 1
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
icap: 3
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
milter: 3
# IAM / Nubus
# -- component: IAM (Nubus)
# -- scalable: true
intercomService: 1
# -- scalable: true
keycloak: 3
# -- scalable: false
oxConnector: 1
# -- scalable: tbd
umsGuardianAuthorizationApi: 1
# -- scalable: tbd
umsGuardianManagementApi: 1
# -- scalable: tbd
umsGuardianManagementUi: 1
# -- scalable: tbd
umsGuardianOpenPolicyAgent: 1
# -- scalable: false
# -- comment: Should not be scaled, is an async process.
umsKeycloakExtensionsHandler: 1
# -- scalable: true
umsKeycloakExtensionsProxy: 1
# -- scalable: tbd
umsLdapNotifier: 1
# -- scalable: true
# -- comment: Please find details on the following `umsLdapServer*` entries in the upstream documentation:
# https://docs.software-univention.de/nubus-kubernetes-operation/latest/en/configuration/ldap.html#directory-service-high-availability-and-scalability
umsLdapServerPrimary: 2
# -- scalable: true
umsLdapServerSecondary: 4
# -- scalable: true
# -- comment: The LDAP proxy is only required in situations where there are clients outside of UDM writing into the
# LDAP like Samba. This is not a use case within openDesk so the LDAP Proxy's replica count should be kept at `0`
umsLdapServerProxy: 0
# -- scalable: tbd
umsNotificationsApi: 2
# -- scalable: true
umsPortalFrontend: 4
# -- scalable: false
umsPortalConsumer: 1
# -- scalable: true
umsPortalServer: 10
# -- scalable: tdb
umsProvisioningApi: 1
# -- scalable: false
umsProvisioningDispatcher: 1
# -- scalable: tdb
umsProvisioningNats: 1
# -- scalable: tdb
umsProvisioningPrefill: 1
# -- scalable: false
umsProvisioningUdmTransformer: 1
# -- scalable: tbd
umsSelfserviceConsumer: 1
# -- scalable: true
umsUdmListener: 1
# -- scalable: tbd
umsUdmRestApi: 4
# -- scalable: tbd
umsUmcGateway: 1
# -- scalable: tbd
umsUmcServer: 8
# -- scalable: tbd
umsUmcServerProxy: 1
# -- scalable: true
nginxS3Gateway: 1
# Nextcloud
# -- component: Filestore (Nextcloud)
# -- scalable: true
nextcloud: 8
# -- scalable: true
nextcloudNotifyPush: 1
# -- scalable: true
nextcloudExporter: 1
# Collabora:
# -- component: Weboffice (Collabora)
# -- scalable: true
# -- comment: If Collabora Controller is enabled, Collabora is autoscaling and the value below will be ignored.
# Please check `enterpriseFeatures.collabora.autoscaling` for autoscaling settings.
collabora: 25
# -- scalable: true
# -- comment: Load between Collabora Controller Pods is going to one Pod (the leader) only, therefore raise the number
# e.g. to `2` for high availability of the Collabora Controller.
collaboraController: 1
# Cryptpad
# -- component: Pad (CryptPad)
# -- scalable: false
cryptpad: 1
# OX App Suite
# -- component: Groupware (OX AppSuite, OX Dovecot etc.)
# -- scalable: false
# -- comment: Scalable in openDesk Enterprise only
dovecot: 1
# -- component: Groupware (OX App Suite)
# -- scalable: tbd
openxchangeCoreDocumentConverter: 1
# -- scalable: tbd
openxchangeCoreGuidedtours: 1
# -- scalable: tbd
openxchangeCoreImageConverter: 1
# -- scalable: tbd
openxchangeCoreMW: 17
# -- scalable: tbd
openxchangeCoreUI: 1
# -- scalable: tbd
openxchangeCoreUIMiddleware: 2
# -- scalable: tbd
openxchangeCoreUserGuide: 1
# -- scalable: tbd
openxchangeGotenberg: 1
# -- scalable: tbd
openxchangeGuardUI: 1
# -- scalable: tbd
openxchangeNextcloudIntegrationUI: 1
# -- scalable: tbd
openxchangePluginsUI: 1
# -- scalable: tbd
openxchangePublicSectorUI: 1
# -- component: Project management (OpenProject)
# -- scalable: true
openprojectWeb: 26 # max 5'000 active users / 1'500 active users per 8 web workers = ~26 web workers
# -- scalable: true
# -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). Check
# https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/ for details, as e.g.
# dedicated workers for specific queues are possible with OpenProject.
openprojectWorker: 13 # max 5'000 active users / 1'500 active users per 4 background workers = ~13 web workers
# -- component: Knowledge management (XWiki)
# -- scalable: false
xwiki: 1 # currently just vertial scaling
# -- component: Chat (Element, Synapse)
# -- scalable: true
element: 5 # no information about that, but as it distributes the web client to the users' browsers, there should be some server running parallel
# -- scalable: tbd
matrixNeoBoardWidget: 1
# -- scalable: tbd
matrixNeoChoiceWidget: 1
# -- scalable: tbd
matrixNeoDateFixBot: 1
# -- scalable: tbd
matrixNeoDateFixWidget: 1
# -- scalable: tbd
matrixUserVerificationService: 1
# -- scalable: tbd
synapse: 12
# -- scalable: true
synapseWeb: 3 # no information about that, but as HAproxy, a redundant setup should be senseful in larger deployments
# -- scalable: true
wellKnown: 1
# -- component: Note taking (Notes)
# -- scalable: true
notesBackend: 25
# -- scalable: true
notesFrontend: 5
# -- scalable: true
notesYProvider: 25
# Jitsi
# Current Helm Chart does only support one shard; shard can handle up to 1500 concurrent user
# -- component: Video conference (Jitsi)
# -- scalable: tbd
jibri: 1
# -- scalable: tbd
jicofo: 1
# -- scalable: tbd
jigasi: 1
# -- scalable: tbd
jitsi: 1
# -- scalable: tbd
jitsiKeycloakAdapter: 1
# -- scalable: tbd
jvb: 15 # 15 jvb maximum per shard; each jvb with up to 8Gi memory
...
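
Review bot: `freshclam` is annotated `-- scalable: true` while its own comment says "You do not want to scale this service" and that it "should be a singleton"; the annotation should be `false`, otherwise anything that reads the `-- scalable:` markers will treat it as safe to scale. In the same vein, `umsProvisioningApi`, `umsProvisioningNats` and `umsProvisioningPrefill` carry `-- scalable: tdb` instead of `tbd`. The `openprojectWorker` comment ends with "= ~13 web workers", although the calculation is about background workers. Minor: "centrally an should be" and "vertial".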

View File

@@ -0,0 +1,655 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
resources:
cassandra:
limits:
cpu: 99
memory: "26Gi"
requests:
cpu: 1
memory: "1Gi"
clamd:
limits:
cpu: 99
memory: "16Gi"
requests:
cpu: 2
memory: "2Gi"
collabora:
# without autoscaling:
limits:
cpu: 99
memory: "26Gi"
requests:
cpu: 4
memory: "8Gi"
## with autoscaling:
#limits:
# cpu: 4
# memory: "8Gi"
#requests:
# cpu: 4
# memory: "8Gi"
collaboraController:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.5
memory: "256Mi"
cryptpad:
limits:
cpu: 99
memory: "8Gi"
requests:
cpu: 0.1
memory: "512Mi"
dkimpy:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "128Mi"
dovecot:
limits:
cpu: 8
memory: "26Gi"
requests:
cpu: 1
memory: "1Gi"
element:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
freshclam:
limits:
cpu: 8
memory: "1Gi"
requests:
cpu: 0.5
memory: "512Mi"
icap:
limits:
cpu: 8
memory: "512Mi"
requests:
cpu: 0.5
memory: "128Mi"
intercomService:
limits:
cpu: 2
memory: "1Gi"
requests:
cpu: 0.5
memory: "128Mi"
# The Jibri container requires 2Gi /dev/shm so we need a limit based on the expected memory consumption of the
# service plus the 2Gi /dev/shm
jibri:
limits:
cpu: 99
memory: "3Gi"
requests:
cpu: 0.1
memory: "384Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jicofo:
limits:
cpu: 99
memory: "3584Mi"
requests:
cpu: 0.1
memory: "256Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jigasi:
limits:
cpu: 99
memory: "3584Mi"
requests:
cpu: 0.1
memory: "256Mi"
jitsi:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "32Mi"
jitsiKeycloakAdapter:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.01
memory: "48Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jvb:
limits:
cpu: 99
memory: "8Gi"
requests:
cpu: 0.5
memory: "1Gi"
mariadb:
limits:
cpu: 99
memory: "54Gi"
requests:
cpu: 1
memory: "4Gi"
matrixNeoBoardWidget:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixNeoChoiceWidget:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixNeoDateFixBot:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "128Mi"
matrixNeoDateFixWidget:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixUserVerificationService:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "128Mi"
memcached:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
milter:
limits:
cpu: 99
memory: "96Mi"
requests:
cpu: 0.1
memory: "16Mi"
minio:
limits:
cpu: 8
memory: "8Gi"
requests:
cpu: 1.5
memory: "2Gi"
nextcloud:
limits:
cpu: 9
memory: "31Gi"
requests:
cpu: 2
memory: "8Gi"
nextcloudCron:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "512Mi"
nextcloudExporter:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "32Mi"
nextcloudNotifyPush:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "512Mi"
nginxS3Gateway:
limits:
cpu: 99
memory: "64Mi"
requests:
cpu: "100m"
memory: "16Mi"
notesBackend:
limits:
cpu: 99
memory: "3Gi"
requests:
cpu: 0.1
memory: "768Mi"
notesFrontend:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "32Mi"
notesYProvider:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "200Mi"
opendeskKeycloakBootstrap:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "256Mi"
opendeskStaticFiles:
limits:
cpu: 99
memory: "64Mi"
requests:
cpu: 0.01
memory: "16Mi"
openproject:
limits:
cpu: 99
memory: "3Gi"
requests:
cpu: 0.1
memory: "768Mi"
openprojectDbInit:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectAppInit:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectSeederJob:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectWorkers:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 0.25
memory: "512Mi"
openxchangeCoreDocumentConverter:
limits:
cpu: 2
memory: "6Gi"
requests:
cpu: 0.25
memory: "1.25Gi"
openxchangeCoreGuidedtours:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeCoreImageConverter:
limits:
cpu: 2
memory: "6Gi"
requests:
cpu: 0.5
memory: "1.25Gi"
openxchangeCoreMW:
limits:
cpu: 4
memory: "16Gi"
requests:
cpu: 1
memory: "1.25Gi"
openxchangeCoreUI:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeCoreUIMiddleware:
limits:
cpu: 1
memory: "1536Mi"
requests:
cpu: 0.5
memory: "192Mi"
openxchangeCoreUIMiddlewareUpdater:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.5
memory: "192Mi"
openxchangeCoreUserGuide:
limits:
cpu: 1
memory: "128Mi"
requests:
cpu: 0.02
memory: "32Mi"
openxchangeGotenberg:
limits:
cpu: 1
memory: "512Mi"
requests:
cpu: 0.05
memory: "32Mi"
openxchangeGuardUI:
limits:
cpu: 1
memory: "512Mi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeNextcloudIntegrationUI:
limits:
cpu: 1
memory: "512Mi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangePluginsUI:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.05
memory: "32Mi"
openxchangePublicSectorUI:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.01
memory: "32Mi"
oxConnector:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 0.1
memory: "1Gi"
postfix:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "16Mi"
postgresql:
limits:
cpu: 99
memory: "842Gi" # Element: "230Gi" + Nextcloud: "260Gi" + OpenProject: "96Gi" + XWiki: "256Gi"
requests:
cpu: 5
memory: "128Gi"
prosody:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "32Mi"
redis:
limits:
cpu: 16
memory: "63Gi"
requests:
cpu: 2
memory: "4Gi"
synapse:
limits:
cpu: 99
memory: "16Gi"
requests:
cpu: 1
memory: "2Gi"
synapseWeb:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "64Mi"
umsGuardianManagementApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsGuardianManagementUi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsGuardianAuthorizationApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsKeycloak:
limits:
cpu: 99
memory: "2Gi"
requests:
cpu: 0.1
memory: "512Mi"
umsKeycloakBootstrap:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "256Mi"
umsKeycloakExtensionHandler:
limits:
cpu: 8
memory: "1Gi"
requests:
cpu: 0.2
memory: "250Mi"
umsKeycloakExtensionProxy:
limits:
cpu: 8
memory: "1Gi"
requests:
cpu: 0.2
memory: "250Mi"
umsLdapNotifier:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsLdapServer:
limits:
cpu: 8
memory: "4Gi"
requests:
cpu: 3
memory: "2Gi"
umsNotificationsApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalFrontend:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalConsumer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalConsumerDependencies:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalServer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "100Mi"
umsProvisioningDispatcher:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningPrefill:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningRegisterConsumers:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "64Mi"
umsProvisioningUdmTransformer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "64Mi"
umsProvisioningNats:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "128Mi"
umsSelfserviceConsumer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsStackDataUms:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsOpenPolicyAgent:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmListener:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmRestApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmRestApiInit:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUmcGateway:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUmcServer:
limits:
cpu: 2
memory: "2Gi"
requests:
cpu: 0.3
memory: "500Mi"
wellKnown:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
xwiki:
limits:
cpu: 99
memory: "96Gi"
requests:
cpu: 20
memory: "34Gi"
...
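
Review bot: several stateful components have memory limits far above their requests, for example `postgresql` (limit `842Gi`, request `128Gi`), `mariadb` (`54Gi` against `4Gi`), `redis` (`63Gi` against `4Gi`) and `cassandra` (`26Gi` against `1Gi`). Pods are scheduled by request, so a node can be packed well below what these containers are allowed to use, and under load that ends in OOM kills or evictions of the databases; both replicas files in this change keep `postgres` at 1 and mark it `scalable: false`, so there is no second instance to absorb that. Please either raise the requests towards the limits for the databases or document the node sizes this profile assumes. The comment above `jvb` still says the limit is 3.5Gi, while the value is `8Gi` and the replicas file speaks of "each jvb with up to 8Gi memory".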

View File

@@ -0,0 +1,69 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
persistence:
# Will be used as default if not otherwise define on the component level
storageClassNames:
RWX: ""
RWO: ""
storages:
cassandra:
size: "150Gi"
commitLogsize: "8Gi"
storageClassName: ~
clamav:
size: "1Gi"
storageClassName: ~
dovecot:
size: "600Gi"
storageClassName: ~
mariadb:
size: "160Gi"
storageClassName: ~
matrixNeoDateFixBot:
size: "1Gi"
storageClassName: ~
minio:
size: "12050Gi" # Open-Xchange: "5000Gi", with just 100Mi per user + OpenProject: "2000Gi" + Nextcloud: "5000Gi", with just 100Mi per user + Nubus: "25Gi" + Notes: "25Gi"
storageClassName: ~
nubusLdapServerData:
size: "12Gi"
storageClassName: ~
nubusPortalConsumer:
size: "12Gi"
storageClassName: ~
nubusProvisioningNats:
size: "12Gi"
storageClassName: ~
# This option was introduced with openDesk 1.6. For now we want to use the Helm charts default empty string
# to avoid issues during the upgrade modifying an existing PV, as the migrations in 1.6 required a smooth
# Nubus deployment.
# In a later openDesk release we will advise in the migrations.md to explicitly set this on existing deployments
# to the default storage class.
nubusUdmListener:
size: "1Gi"
#storageClassName: ""
oxConnector:
size: "1Gi"
# This value is not passed on to the related Helm chart yet, but required for linting purposes.
storageClassName: ~
postfix:
size: "25Gi"
storageClassName: ~
postgresql:
size: "50Gi"
storageClassName: ~
prosody:
size: "1Gi"
storageClassName: ~
redis:
size: "38Gi"
storageClassName: ~
synapse:
size: "5000Gi" # just 100Mi per user
storageClassName: ~
xwiki:
size: "40Gi"
storageClassName: ~
...
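
Review bot: every size in this file is identical to the earlier persistence file in this change, including `minio: "12050Gi"` and `synapse: "5000Gi"` with the same "just 100Mi per user" derivation; the only difference is `postgresql`, at `50Gi` here against `500Gi` there. The replicas file that follows is clearly sized smaller (`nextcloud: 3` against `8`, `collabora: 3` against `25`), so either the per-user storage figures were not adjusted for this profile or the `postgresql` value is a typo. Please confirm which one is intended and add the targeted user count to the header.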

View File

@@ -0,0 +1,228 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
replicas:
## Note: Databases should be deployed separately
# -- component: Cassandra
# -- scalable: tbd
cassandra: 3
# -- component: Persistence Layer
# -- scalable: false
mariadb: 1
# -- scalable: false
memcached: 1
# -- scalable: true
minio: 1
# -- scalable: false
postgres: 1
# -- scalable: tbd
redis: 1
# ClamAV
# -- component: Antivirus (ClamAV)
# -- scalable: true
# -- comment: clamav-simple - supports `ReadWriteOnce` PVCs.
clamav: 3
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
clamd: 3
# -- scalable: true
# -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files
# centrally an should be a singleton.
freshclam: 1
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
icap: 3
# -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
milter: 3
# IAM / Nubus
# -- component: IAM (Nubus)
# -- scalable: true
intercomService: 1
# -- scalable: true
keycloak: 3
# -- scalable: false
oxConnector: 1
# -- scalable: tbd
umsGuardianAuthorizationApi: 1
# -- scalable: tbd
umsGuardianManagementApi: 1
# -- scalable: tbd
umsGuardianManagementUi: 1
# -- scalable: tbd
umsGuardianOpenPolicyAgent: 1
# -- scalable: false
# -- comment: Should not be scaled, is an async process.
umsKeycloakExtensionsHandler: 1
# -- scalable: true
umsKeycloakExtensionsProxy: 1
# -- scalable: tbd
umsLdapNotifier: 1
# -- scalable: true
# -- comment: Please find details on the following `umsLdapServer*` entries in the upstream documentation:
# https://docs.software-univention.de/nubus-kubernetes-operation/latest/en/configuration/ldap.html#directory-service-high-availability-and-scalability
umsLdapServerPrimary: 1
# -- scalable: true
umsLdapServerSecondary: 2
# -- scalable: true
# -- comment: The LDAP proxy is only required in situations where there are clients outside of UDM writing into the
# LDAP like Samba. This is not a use case within openDesk so the LDAP Proxy's replica count should be kept at `0`
umsLdapServerProxy: 0
# -- scalable: tbd
umsNotificationsApi: 2
# -- scalable: true
umsPortalFrontend: 2
# -- scalable: false
umsPortalConsumer: 1
# -- scalable: true
umsPortalServer: 2
# -- scalable: tdb
umsProvisioningApi: 1
# -- scalable: false
umsProvisioningDispatcher: 1
# -- scalable: tdb
umsProvisioningNats: 1
# -- scalable: tdb
umsProvisioningPrefill: 1
# -- scalable: false
umsProvisioningUdmTransformer: 1
# -- scalable: tbd
umsSelfserviceConsumer: 1
# -- scalable: true
umsUdmListener: 1
# -- scalable: tbd
umsUdmRestApi: 1
# -- scalable: tbd
umsUmcGateway: 1
# -- scalable: tbd
umsUmcServer: 2
# -- scalable: tbd
umsUmcServerProxy: 1
# -- scalable: true
nginxS3Gateway: 1
# Nextcloud
# -- component: Filestore (Nextcloud)
# -- scalable: true
nextcloud: 3
# -- scalable: true
nextcloudNotifyPush: 1
# -- scalable: true
nextcloudExporter: 1
# Collabora:
# -- component: Weboffice (Collabora)
# -- scalable: true
# -- comment: If Collabora Controller is enabled, Collabora is autoscaling and the value below will be ignored.
# Please check `enterpriseFeatures.collabora.autoscaling` for autoscaling settings.
collabora: 3
# -- scalable: true
# -- comment: Load between Collabora Controller Pods is going to one Pod (the leader) only, therefore raise the number
# e.g. to `2` for high availability of the Collabora Controller.
collaboraController: 1
# Cryptpad
# -- component: Pad (CryptPad)
# -- scalable: false
cryptpad: 1
# OX App Suite
# -- component: Groupware (OX AppSuite, OX Dovecot etc.)
# -- scalable: false
# -- comment: Scalable in openDesk Enterprise only
dovecot: 1
# -- component: Groupware (OX App Suite)
# -- scalable: tbd
openxchangeCoreDocumentConverter: 1
# -- scalable: tbd
openxchangeCoreGuidedtours: 1
# -- scalable: tbd
openxchangeCoreImageConverter: 1
# -- scalable: tbd
openxchangeCoreMW: 2
# -- scalable: tbd
openxchangeCoreUI: 1
# -- scalable: tbd
openxchangeCoreUIMiddleware: 2
# -- scalable: tbd
openxchangeCoreUserGuide: 1
# -- scalable: tbd
openxchangeGotenberg: 1
# -- scalable: tbd
openxchangeGuardUI: 1
# -- scalable: tbd
openxchangeNextcloudIntegrationUI: 1
# -- scalable: tbd
openxchangePluginsUI: 1
# -- scalable: tbd
openxchangePublicSectorUI: 1
# -- component: Project management (OpenProject)
# -- scalable: true
openprojectWeb: 4
# -- scalable: true
# -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). Check
# https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/ for details, as e.g.
# dedicated workers for specific queues are possible with OpenProject.
openprojectWorker: 2
# -- component: Knowledge management (XWiki)
# -- scalable: false
xwiki: 1 # currently just vertial scaling
# -- component: Chat (Element, Synapse)
# -- scalable: true
element: 2 # no information about that, but as it distributes the web client to the users' browsers, there should be some server running parallel
# -- scalable: tbd
matrixNeoBoardWidget: 1
# -- scalable: tbd
matrixNeoChoiceWidget: 1
# -- scalable: tbd
matrixNeoDateFixBot: 1
# -- scalable: tbd
matrixNeoDateFixWidget: 1
# -- scalable: tbd
matrixUserVerificationService: 1
# -- scalable: tbd
synapse: 2
# -- scalable: true
synapseWeb: 1 # no information about that, but as HAproxy, a redundant setup should be senseful in larger deployments
# -- scalable: true
wellKnown: 1
# -- component: Note taking (Notes)
# -- scalable: true
notesBackend: 5
# -- scalable: true
notesFrontend: 2
# -- scalable: true
notesYProvider: 5
# Jitsi
# 3 shards, each for up to 4000 concurrent users
# -- component: Video conference (Jitsi)
# -- scalable: tbd
jibri: 1
# -- scalable: tbd
jicofo: 1
# -- scalable: tbd
jigasi: 1
# -- scalable: tbd
jitsi: 1
# -- scalable: tbd
jitsiKeycloakAdapter: 1
# -- scalable: tbd
jvb: 5
...
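Review bot: Several components annotated `# -- scalable: tbd` are nevertheless set to more than one replica here (`openxchangeCoreMW: 2`, `openxchangeCoreUIMiddleware: 2`, `synapse: 2`, `jvb: 5`), so the annotation and the value disagree about whether running them in parallel is supported. Either confirm multi-replica operation and change the annotation to `true`, or keep these at `1` until that is settled. Two smaller points in the same hunk: the Jitsi comment `# 3 shards, each for up to 4000 concurrent users` does not correspond to any key set to 3 in the lines below it, so it should say where the shard count is configured; and the inline comment on `xwiki` has a typo ("vertial" should be "vertical").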

View File

@@ -0,0 +1,655 @@
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
resources:
cassandra:
limits:
cpu: 99
memory: "26Gi"
requests:
cpu: 1
memory: "1Gi"
clamd:
limits:
cpu: 99
memory: "16Gi"
requests:
cpu: 2
memory: "2Gi"
collabora:
# without autoscaling:
limits:
cpu: 99
memory: "26Gi"
requests:
cpu: 4
memory: "8Gi"
## with autoscaling:
#limits:
# cpu: 4
# memory: "8Gi"
#requests:
# cpu: 4
# memory: "8Gi"
collaboraController:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.5
memory: "256Mi"
cryptpad:
limits:
cpu: 99
memory: "8Gi"
requests:
cpu: 0.1
memory: "512Mi"
dkimpy:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "128Mi"
dovecot:
limits:
cpu: 8
memory: "16Gi"
requests:
cpu: 1
memory: "1Gi"
element:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
freshclam:
limits:
cpu: 8
memory: "1Gi"
requests:
cpu: 0.5
memory: "512Mi"
icap:
limits:
cpu: 8
memory: "512Mi"
requests:
cpu: 0.5
memory: "128Mi"
intercomService:
limits:
cpu: 2
memory: "1Gi"
requests:
cpu: 0.5
memory: "128Mi"
# The Jibri container requires 2Gi /dev/shm so we need a limit based on the expected memory consumption of the
# service plus the 2Gi /dev/shm
jibri:
limits:
cpu: 99
memory: "3Gi"
requests:
cpu: 0.1
memory: "384Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jicofo:
limits:
cpu: 99
memory: "3584Mi"
requests:
cpu: 0.1
memory: "256Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jigasi:
limits:
cpu: 99
memory: "3584Mi"
requests:
cpu: 0.1
memory: "256Mi"
jitsi:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "32Mi"
jitsiKeycloakAdapter:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.01
memory: "48Mi"
# The jicofo, jvb and jigasi containers require 3GB memory for the Java process, so we limit it to 3.5Gi overall consumption.
jvb:
limits:
cpu: 99
memory: "8Gi"
requests:
cpu: 0.5
memory: "1Gi"
mariadb:
limits:
cpu: 99
memory: "8Gi"
requests:
cpu: 1
memory: "4Gi"
matrixNeoBoardWidget:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixNeoChoiceWidget:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixNeoDateFixBot:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "128Mi"
matrixNeoDateFixWidget:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "48Mi"
matrixUserVerificationService:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "128Mi"
memcached:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
milter:
limits:
cpu: 99
memory: "96Mi"
requests:
cpu: 0.1
memory: "16Mi"
minio:
limits:
cpu: 8
memory: "8Gi"
requests:
cpu: 1.5
memory: "2Gi"
nextcloud:
limits:
cpu: 6
memory: "13Gi"
requests:
cpu: 2
memory: "2Gi"
nextcloudCron:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "512Mi"
nextcloudExporter:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "32Mi"
nextcloudNotifyPush:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "512Mi"
nginxS3Gateway:
limits:
cpu: 99
memory: "64Mi"
requests:
cpu: "100m"
memory: "16Mi"
notesBackend:
limits:
cpu: 99
memory: "3Gi"
requests:
cpu: 0.1
memory: "768Mi"
notesFrontend:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "32Mi"
notesYProvider:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "200Mi"
opendeskKeycloakBootstrap:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "256Mi"
opendeskStaticFiles:
limits:
cpu: 99
memory: "64Mi"
requests:
cpu: 0.01
memory: "16Mi"
openproject:
limits:
cpu: 99
memory: "3Gi"
requests:
cpu: 0.1
memory: "768Mi"
openprojectDbInit:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectAppInit:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectSeederJob:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.1
memory: "256Mi"
openprojectWorkers:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 0.25
memory: "512Mi"
openxchangeCoreDocumentConverter:
limits:
cpu: 2
memory: "6Gi"
requests:
cpu: 0.25
memory: "1.25Gi"
openxchangeCoreGuidedtours:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeCoreImageConverter:
limits:
cpu: 2
memory: "6Gi"
requests:
cpu: 0.5
memory: "1.25Gi"
openxchangeCoreMW:
limits:
cpu: 4
memory: "16Gi"
requests:
cpu: 1
memory: "1.25Gi"
openxchangeCoreUI:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeCoreUIMiddleware:
limits:
cpu: 1
memory: "1536Mi"
requests:
cpu: 0.5
memory: "192Mi"
openxchangeCoreUIMiddlewareUpdater:
limits:
cpu: 99
memory: "768Mi"
requests:
cpu: 0.5
memory: "192Mi"
openxchangeCoreUserGuide:
limits:
cpu: 1
memory: "128Mi"
requests:
cpu: 0.02
memory: "32Mi"
openxchangeGotenberg:
limits:
cpu: 1
memory: "512Mi"
requests:
cpu: 0.05
memory: "32Mi"
openxchangeGuardUI:
limits:
cpu: 1
memory: "512Mi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangeNextcloudIntegrationUI:
limits:
cpu: 1
memory: "512Mi"
requests:
cpu: 0.01
memory: "32Mi"
openxchangePluginsUI:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.05
memory: "32Mi"
openxchangePublicSectorUI:
limits:
cpu: 1
memory: "1Gi"
requests:
cpu: 0.01
memory: "32Mi"
oxConnector:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 0.1
memory: "1Gi"
postfix:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "16Mi"
postgresql:
limits:
cpu: 99
memory: "89Gi" # Element: "23Gi" + Nextcloud: "30Gi" + OpenProject: "10Gi" + XWiki: "26Gi"
requests:
cpu: 1
memory: "24Gi"
prosody:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "32Mi"
redis:
limits:
cpu: 16
memory: "63Gi"
requests:
cpu: 2
memory: "4Gi"
synapse:
limits:
cpu: 99
memory: "16Gi"
requests:
cpu: 1
memory: "2Gi"
synapseWeb:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "64Mi"
umsGuardianManagementApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsGuardianManagementUi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsGuardianAuthorizationApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsKeycloak:
limits:
cpu: 99
memory: "2Gi"
requests:
cpu: 0.1
memory: "512Mi"
umsKeycloakBootstrap:
limits:
cpu: 99
memory: "512Mi"
requests:
cpu: 0.1
memory: "256Mi"
umsKeycloakExtensionHandler:
limits:
cpu: 8
memory: "1Gi"
requests:
cpu: 0.2
memory: "250Mi"
umsKeycloakExtensionProxy:
limits:
cpu: 8
memory: "1Gi"
requests:
cpu: 0.2
memory: "250Mi"
umsLdapNotifier:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsLdapServer:
limits:
cpu: 8
memory: "4Gi"
requests:
cpu: 3
memory: "2Gi"
umsNotificationsApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalFrontend:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalConsumer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalConsumerDependencies:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsPortalServer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "100Mi"
umsProvisioningDispatcher:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningPrefill:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsProvisioningRegisterConsumers:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "64Mi"
umsProvisioningUdmTransformer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "64Mi"
umsProvisioningNats:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "128Mi"
umsSelfserviceConsumer:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsStackDataUms:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsOpenPolicyAgent:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmListener:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmRestApi:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUdmRestApiInit:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUmcGateway:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "256Mi"
umsUmcServer:
limits:
cpu: 2
memory: "2Gi"
requests:
cpu: 0.3
memory: "500Mi"
wellKnown:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.1
memory: "32Mi"
xwiki:
limits:
cpu: 99
memory: "12Gi"
requests:
cpu: 4
memory: "6Gi"
...
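Review bot: `limits.cpu: 99` is used on most components as what looks like a "no effective limit" sentinel, but nothing in the file says so. As written, these workloads have no real CPU ceiling, so one busy pod can starve its neighbours on a node, and any namespace quota that counts CPU limits would have to accommodate 99 per container. Please either document the convention in the file header or replace the sentinel with a realistic per-component limit, as is already done for `dovecot`, `minio`, `nextcloud` and the `openxchange*` entries. Also, the comment above `jvb` says the jicofo, jvb and jigasi containers are limited to 3.5Gi, which holds for `jicofo` and `jigasi` (`"3584Mi"`) but not for `jvb` (`memory: "8Gi"`), so the comment or the value needs correcting. Minor: `nginxS3Gateway` writes its CPU request as `"100m"` while every other entry uses a decimal number such as `0.1`.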

View File

@@ -13,6 +13,15 @@ helmfiles:
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }} {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
- "helmfile/environments/default-enterprise-overrides/*.yaml.gotmpl" - "helmfile/environments/default-enterprise-overrides/*.yaml.gotmpl"
{{- end }} {{- end }}
{{- if eq (env "SIZE_PROFILE") "500" }}
- "helmfile/environments/default-size-500-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "5k" }}
- "helmfile/environments/default-size-5k-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "50k" }}
- "helmfile/environments/default-size-50k-overrides/*.yaml.gotmpl"
{{- else if eq (env "SIZE_PROFILE") "100k" }}
- "helmfile/environments/default-size-100k-overrides/*.yaml.gotmpl"
{{- end }}
- path: "helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl" - path: "helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl"
values: *values values: *values
- path: "helmfile/apps/services-external/helmfile-child.yaml.gotmpl" - path: "helmfile/apps/services-external/helmfile-child.yaml.gotmpl"
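Review bot: The `SIZE_PROFILE` chain has no final `else`, so any value other than `500`, `5k`, `50k` or `100k` (for example a typo such as `5K`) silently loads no size overrides and the deployment proceeds with the default sizing. For a setting that decides resource limits and replica counts, an unrecognised non-empty value should abort rendering with a clear message rather than fall through. It would also help to note next to the block that an unset `SIZE_PROFILE` intentionally means "no profile", and to state how these overrides are expected to combine with `default-enterprise-overrides` when both are active, since the size globs are listed after the enterprise one.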