feat(infra): production bootstrap — cert-manager, longhorn, monitoring
Add new bases for cert-manager (Let's Encrypt + wildcard cert), Longhorn
distributed storage, and monitoring (kube-prometheus-stack + Loki + Tempo
+ Grafana OIDC). Add cloud-init for Scaleway Elastic Metal provisioning.
Production overlay: add patches for postgres sizing, SeaweedFS volume,
OpenSearch storage, LiveKit service, Pingora host ports, resource limits,
and CNPG daily barman backups. Update cert-manager.yaml with full dnsNames
for all *.sunbeam.pt subdomains.
2026-03-06 12:06:27 +00:00
# Production resource limits — Scaleway Elastic Metal, 12 cores, 64 GiB RAM.
# ~10 GiB reserved for OS + k3s + Linkerd mesh overhead.
# Replicas scaled up for production workloads.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: meet-celery-worker
  namespace: lasuite
spec:
  template:
    spec:
      containers:
        - name: meet-celery-worker
          resources:
            requests:
              memory: 256Mi
              cpu: 100m
            limits:
              memory: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cloudnative-pg
  namespace: data
spec:
  template:
    spec:
      containers:
        - name: manager
          resources:
            requests:
              memory: 256Mi
              cpu: 100m
            limits:
              memory: 512Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: livekit-server
  namespace: media
spec:
  template:
    spec:
      containers:
        - name: livekit-server
          resources:
            requests:
              memory: 512Mi
              cpu: 500m
            limits:
              memory: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pingora
  namespace: ingress
spec:
  template:
    spec:
      containers:
        - name: pingora
          resources:
            requests:
              memory: 128Mi
              cpu: 250m
            limits:
              memory: 512Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: valkey
  namespace: data
spec:
  template:
    spec:
      containers:
        - name: valkey
          resources:
            requests:
              memory: 128Mi
              cpu: 50m
            limits:
              memory: 512Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: opensearch
  namespace: data
spec:
  template:
    spec:
      containers:
        - name: opensearch
          env:
            - name: OPENSEARCH_JAVA_OPTS
              value: "-Xms2g -Xmx4g"
          resources:
            requests:
              memory: 2Gi
              cpu: 500m
            limits:
              memory: 5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: seaweedfs-filer
  namespace: storage
spec:
  template:
    spec:
      containers:
        - name: filer
          resources:
            requests:
2026-03-22 19:48:36 +00:00
              memory: 512Mi
2026-03-06 12:06:27 +00:00
              cpu: 100m
            limits:
2026-03-22 19:48:36 +00:00
              memory: 2Gi
2026-03-06 12:06:27 +00:00
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hydra-hydra-maester
  namespace: ory
spec:
  template:
    spec:
      containers:
        - name: hydra-maester
          resources:
            requests:
              memory: 32Mi
              cpu: 25m
            limits:
              memory: 128Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hive
  namespace: lasuite
spec:
  template:
    spec:
      containers:
        - name: hive
          resources:
            requests:
              memory: 64Mi
            limits:
              memory: 256Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
feat: La Suite email/messages, buildkitd, monitoring, vault and storage updates
- Add Messages (email) service: backend, frontend, MTA in/out, MPA, SOCKS
proxy, worker, DKIM config, and theme customization
- Add Collabora deployment for document collaboration
- Add Drive frontend nginx config and values
- Add buildkitd namespace for in-cluster container builds
- Add SeaweedFS remote sync and additional S3 buckets
- Update vault secrets across namespaces (devtools, lasuite, media,
monitoring, ory, storage) with expanded credential management
- Update monitoring: rename grafana→metrics OAuth2Client, add Prometheus
remote write and additional scrape configs
- Update local/production overlays with resource patches
- Remove stale login-ui resource patch from production overlay
2026-03-10 19:00:57 +00:00
  name: collabora
2026-03-06 12:06:27 +00:00
  namespace: lasuite
spec:
  template:
    spec:
      containers:
2026-03-10 19:00:57 +00:00
        - name: collabora
2026-03-06 12:06:27 +00:00
          resources:
            requests:
              memory: 512Mi
              cpu: 100m
            limits:
              memory: 1Gi
2026-03-10 19:00:57 +00:00
              cpu: 1000m