Merge pull request #114 from serlo/resource-reduce

Optimize resources
serlo · Aug 12, 2024 · 4a47408 · 4a47408
2 parents eaf83bd + c366f35
commit 4a47408
Show file tree

Hide file tree

Showing 18 changed files with 95 additions and 71 deletions.
diff --git a/envs/production/main.tf b/envs/production/main.tf
@@ -8,7 +8,7 @@ locals {
   region = "europe-west3"
   zone   = "europe-west3-a"
 
-  cluster_machine_type = "n1-standard-4"
+  cluster_machine_type = "n1-standard-1"
 
   mysql_database_instance_name = "${local.project}-mysql-2021-07-15"
   kpi_database_instance_name   = "${local.project}-postgres-2020-01-26"

diff --git a/envs/staging/api.tf b/envs/staging/api.tf
@@ -72,17 +72,17 @@ module "api" {
   }
 }
 
-module "enmeshed" {
-  source = "../../modules/enmeshed"
-
-  namespace              = kubernetes_namespace.api_namespace.metadata.0.name
-  chart_version          = "3.9.1"
-  transport_base_url     = "https://nmshd-bkb.demo.meinbildungsraum.de/"
-  platform_client_id     = var.enmeshed_platform_client_id
-  platform_client_secret = var.enmeshed_platform_client_secret
-  api_url                = "https://api.${local.domain}"
-  api_key                = var.enmeshed_api_key
-}
+# TODO: having problem with credentials, redeploy when it is cleared
+# module "enmeshed" {
+#   source = "../../modules/enmeshed"
+
+#   namespace              = kubernetes_namespace.api_namespace.metadata.0.name
+#   transport_base_url     = "https://nmshd-bkb.demo.meinbildungsraum.de/"
+#   platform_client_id     = var.enmeshed_platform_client_id
+#   platform_client_secret = var.enmeshed_platform_client_secret
+#   api_url                = "https://api.${local.domain}"
+#   api_key                = var.enmeshed_api_key
+# }
 
 module "api_server_ingress" {
   source = "../../modules/ingress"

diff --git a/envs/staging/main.tf b/envs/staging/main.tf
@@ -8,7 +8,7 @@ locals {
   region = "europe-west3"
   zone   = "europe-west3-a"
 
-  cluster_machine_type = "n1-standard-2"
+  cluster_machine_type = "n1-standard-1"
 
   mysql_database_instance_name = "${local.project}-mysql-2021-07-15"
   kpi_database_instance_name   = "${local.project}-postgres-2020-01-19-3"

diff --git a/envs/terraform.mk b/envs/terraform.mk
@@ -14,7 +14,10 @@ terraform_init: terraform_download_secrets
 	terraform init
 
 .PHONY: terraform_plan
-terraform_plan: terraform_download_secrets
+terraform_plan: terraform_download_secrets terraform_plan_without_downloading_secrets
+
+.PHONY: terraform_plan_without_downloading_secrets
+terraform_plan_without_downloading_secrets:
 	terraform fmt -recursive
 	terraform plan -var-file secrets/terraform-$(env_name).tfvars
 
@@ -23,19 +26,16 @@ terraform_apply: terraform_download_secrets terraform_apply_without_downloading_
 
 .PHONY: terraform_apply_without_downloading_secrets
 terraform_apply_without_downloading_secrets:
-	# just make sure we know what we are doing
 	terraform fmt -recursive
 	terraform apply -var-file secrets/terraform-$(env_name).tfvars
 
 .PHONY: terraform_destroy
 terraform_destroy:
-	# just make sure we know what we are doing
 	terraform fmt -recursive
 	terraform destroy -var-file secrets/terraform-$(env_name).tfvars
 
 .PHONY: terraform_download_secrets
 terraform_download_secrets:
-	#remove secrets and load latest secret from gcloud
 	rm -rf secrets
 	gsutil -m cp -R gs://$(gcloud_env_name)_terraform/secrets/ .
 

diff --git a/modules/api/server/main.tf b/modules/api/server/main.tf
@@ -363,13 +363,12 @@ resource "kubernetes_deployment" "server" {
           }
 
           resources {
-            limits = {
-              cpu    = "600m"
-              memory = "750Mi"
-            }
-
             requests = {
-              cpu    = "400m"
+              cpu    = "75m"
+              memory = "300Mi"
+            }
+            limits = {
+              cpu    = "100m"
               memory = "500Mi"
             }
           }

diff --git a/modules/api/swr-queue-worker/main.tf b/modules/api/swr-queue-worker/main.tf
@@ -251,15 +251,14 @@ resource "kubernetes_deployment" "server" {
           }
 
           resources {
-            limits = {
-              cpu    = "200m"
-              memory = "200Mi"
-            }
-
             requests = {
-              cpu    = "100m"
+              cpu    = "15m"
               memory = "100Mi"
             }
+            limits = {
+              cpu    = "35m"
+              memory = "150Mi"
+            }
           }
         }
       }

diff --git a/modules/editor-as-lti-tool/main.tf b/modules/editor-as-lti-tool/main.tf
@@ -1,6 +1,6 @@
 locals {
   name      = "editor-as-lti-tool"
-  image_tag = var.dev_mode ? "dev" : "latest"
+  image_tag = "0.0.1"
 
   lti_platform_url = "https://identityserver.itslearning.com"
 
@@ -71,7 +71,7 @@ resource "kubernetes_deployment" "editor_as_lti_tool" {
         }
 
         container {
-          image             = "eu.gcr.io/serlo-shared/editor-as-lti-tool:${local.image_tag}"
+          image             = "ghcr.io/serlo/serlo-editor-as-lti-tool:${local.image_tag}"
           name              = local.name
           image_pull_policy = "Always"
 
@@ -116,6 +116,16 @@ resource "kubernetes_deployment" "editor_as_lti_tool" {
             name  = "SERLO_EDITOR_TESTING_SECRET"
             value = var.serlo_editor_testing_secret
           }
+          resources {
+            requests = {
+              cpu    = "20m"
+              memory = "200Mi"
+            }
+            limits = {
+              cpu    = "50m"
+              memory = "350Mi"
+            }
+          }
         }
       }
     }

diff --git a/modules/editor-as-lti-tool/values.yaml b/modules/editor-as-lti-tool/values.yaml
@@ -5,3 +5,10 @@ global:
   storageClass: standard
 auth:
   rootPassword: ${mongodb_root_password}
+resources:
+  requests:
+    cpu: 600m
+    memory: 350Mi
+  limits:
+    cpu: 900m
+    memory: 500Mi
diff --git a/modules/enmeshed/main.tf b/modules/enmeshed/main.tf
@@ -2,10 +2,6 @@ variable "namespace" {
   type = string
 }
 
-variable "chart_version" {
-  type = string
-}
-
 variable "platform_client_id" {
   type = string
 }
@@ -28,15 +24,15 @@ variable "transport_base_url" {
 
 resource "helm_release" "enmeshed_deployment" {
   name      = "enmeshed"
-  chart     = " oci://ghcr.io/nmshd/connector-helm-chart"
-  version   = var.chart_version
+  chart     = "oci://ghcr.io/nmshd/connector-helm-chart"
+  version   = "4.6.2"
   namespace = var.namespace
 
   values = [
     templatefile(
       "${path.module}/values.yaml",
       {
-        mongodb_uri            = "mongodb://root:${random_password.mongodb_root_password.result}@mongodb:27017/?authSource=admin&readPreference=primary&ssl=false"
+        mongodb_uri            = "mongodb://root:${random_password.mongodb_root_password.result}@${helm_release.database.name}:27017/?authSource=admin&readPreference=primary&ssl=false"
         platform_client_id     = var.platform_client_id
         platform_client_secret = var.platform_client_secret
         transport_base_url     = var.transport_base_url
@@ -48,7 +44,7 @@ resource "helm_release" "enmeshed_deployment" {
 }
 
 resource "helm_release" "database" {
-  name       = "mongodb"
+  name       = "enmeshed-mongodb"
   repository = "https://charts.bitnami.com/bitnami"
   chart      = "mongodb"
   version    = "14.0.12"

diff --git a/modules/enmeshed/values-mongodb.yaml b/modules/enmeshed/values-mongodb.yaml
@@ -5,3 +5,10 @@ global:
   storageClass: standard
 auth:
   rootPassword: ${mongodb_root_password}
+resources:
+  requests:
+    cpu: 600m
+    memory: 300Mi
+  limits:
+    cpu: 900m
+    memory: 500Mi
diff --git a/modules/enmeshed/values.yaml b/modules/enmeshed/values.yaml
@@ -25,7 +25,7 @@ config:
       enabled: true
       docs:
         enabled: false
-    webhooksV2:
+    webhooks:
       enabled: true
       webhooks:
         - triggers:
@@ -50,3 +50,13 @@ config:
             headers:
               X-API-KEY: ${api_key}
             publishInterval: 5
+
+pod:
+  connector:
+    resources:
+      requests:             
+        cpu: 50m
+        memory: 200Mi
+      limits:
+        cpu: 100m
+        memory: 400Mi
diff --git a/modules/hydra/README.md b/modules/hydra/README.md
diff --git a/modules/hydra/values.yaml b/modules/hydra/values.yaml
@@ -45,9 +45,9 @@ deployment:
     cloud.google.com/gke-nodepool: ${node_pool}
 
   resources:
-    limits:
-      cpu: 40m
-      memory: 128Mi
     requests:
-      cpu: 20m
-      memory: 64Mi
+      cpu: 1m
+      memory: 30Mi
+    limits:
+      cpu: 5m
+      memory: 50Mi
diff --git a/modules/ingress-nginx/README.md b/modules/ingress-nginx/README.md
diff --git a/modules/kratos/values.yaml b/modules/kratos/values.yaml
@@ -215,9 +215,9 @@ kratos:
                 plaintext: http://${domain}/api/.ory/mail-templates/recovery/invalid/email.body.plaintext.gotmpl
 deployment:
   resources:
-    limits:
-      cpu: 80m
-      memory: 400Mi
     requests:
-      cpu: 40m
-      memory: 128Mi
+      cpu: 30m
+      memory: 50Mi
+    limits:
+      cpu: 50m
+      memory: 100Mi
diff --git a/modules/redis/values.yml b/modules/redis/values.yml
@@ -8,11 +8,11 @@ master:
     "cloud.google.com/gke-nodepool": ${node_pool}
   resources:
     requests:
-      cpu: 200m
-      memory: 500Mi
+      cpu: 30m
+      memory: 400Mi
     limits:
-      cpu: 350m
-      memory: 1Gi
+      cpu: 50m
+      memory: 600Mi
 
 replica:
   replicaCount: 1
@@ -22,8 +22,8 @@ replica:
     "cloud.google.com/gke-nodepool": ${node_pool}
   resources:
     requests:
-      cpu: 200m
-      memory: 500Mi
+      cpu: 50m
+      memory: 400Mi
     limits:
-      cpu: 350m
-      memory: 1Gi
+      cpu: 100m
+      memory: 600Mi
diff --git a/modules/rocket-chat/values-mongodb.yaml b/modules/rocket-chat/values-mongodb.yaml
@@ -10,9 +10,9 @@ auth:
   database: ${mongodb_database}
   replicaSetKey: ${mongodb_replica_set_key}
 resources:
-  limits:
-    cpu: 3000m
-    memory: 2000Mi
   requests:
-    cpu: 2000m
-    memory: 1500Mi
+    cpu: 100m
+    memory: 2000Mi
+  limits:
+    cpu: 150m
+    memory: 2500Mi
diff --git a/modules/rocket-chat/values-rocketchat.yaml b/modules/rocket-chat/values-rocketchat.yaml
@@ -13,11 +13,11 @@ smtp:
   password: ${smtp_password}
 
 resources:
-  limits:
-    cpu: 1000m
-    memory: 2000Mi
   requests:
-    cpu: 750m
+    cpu: 350m
+    memory: 1000Mi
+  limits:
+    cpu: 700m
     memory: 1500Mi
 
 mongodb: