From 7ff45d4451d279e6c7e1499611ddbde107d40fdd Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Thu, 24 Jul 2025 22:29:36 +0800
Subject: [PATCH] chore: cleanup

---
 .../core/_networking/multus/app/hr.yaml       |  3 +-
 kube/deploy/core/db/pg/app/hr.yaml            | 41 +++++++++----------
 .../core/monitoring/fluentbit/app/hr.yaml     | 11 ++---
 .../core/secrets/external-secrets/app/hr.yaml | 19 +++++----
 kube/deploy/core/spegel/app/hr.yaml           |  1 +
 5 files changed, 36 insertions(+), 39 deletions(-)

diff --git a/kube/deploy/core/_networking/multus/app/hr.yaml b/kube/deploy/core/_networking/multus/app/hr.yaml
index bd68c045..160bdc55 100644
--- a/kube/deploy/core/_networking/multus/app/hr.yaml
+++ b/kube/deploy/core/_networking/multus/app/hr.yaml
@@ -28,7 +28,8 @@ spec:
     resources:
       requests:
         cpu: 5m
+        memory: 128Mi
       limits:
-        memory: 512Mi
+        memory: 2Gi
     hostPaths:
       netns: /var/run/netns
diff --git a/kube/deploy/core/db/pg/app/hr.yaml b/kube/deploy/core/db/pg/app/hr.yaml
index be77f6fc..f162f0f8 100644
--- a/kube/deploy/core/db/pg/app/hr.yaml
+++ b/kube/deploy/core/db/pg/app/hr.yaml
@@ -1,24 +1,23 @@
-# ---
-# # NOTE: cloudnative-pg is commented out so the ks can finish reconciling (wait: true), but it's still installed on Biohazard cluster (prune: false) so I can Eventually(TM) get to debugging why I have stuck clusters
-# apiVersion: helm.toolkit.fluxcd.io/v2beta1
-# kind: HelmRelease
-# metadata:
-#   name: cloudnative-pg
-#   namespace: cnpg
-# spec:
-#   chart:
-#     spec:
-#       chart: cloudnative-pg
-#       version: 0.19.0
-#       sourceRef:
-#         name: cloudnative-pg
-#         kind: HelmRepository
-#         namespace: flux-system
-#   values:
-#     image:
-#       tag: "1.21.0"
-#     crds:
-#       create: true
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: cloudnative-pg
+  namespace: cnpg
+spec:
+  chart:
+    spec:
+      chart: cloudnative-pg
+      version: 0.24.0
+      sourceRef:
+        name: cloudnative-pg
+        kind: HelmRepository
+        namespace: flux-system
+  values:
+    # image:
+    #   tag: "1.21.0"
+    crds:
+      create: true
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
diff --git a/kube/deploy/core/monitoring/fluentbit/app/hr.yaml b/kube/deploy/core/monitoring/fluentbit/app/hr.yaml
index 784fd6fd..401097f8 100644
--- a/kube/deploy/core/monitoring/fluentbit/app/hr.yaml
+++ b/kube/deploy/core/monitoring/fluentbit/app/hr.yaml
@@ -39,6 +39,9 @@ spec:
               allowPrivilegeEscalation: false
               capabilities:
                 drop: ["ALL"]
+            ports:
+              - name: metrics
+                containerPort: 8080
             resources:
               requests:
                 cpu: "10m"
@@ -68,14 +71,6 @@ spec:
               limits:
                 cpu: "1"
                 memory: "50Mi"
-    #service:
-    #  fluentbit:
-    #    controller: fluentbit
-    #    ports:
-    #      http:
-    #        port: 8080
-    #        protocol: HTTP
-    #        appProtocol: http
     persistence:
       config:
         type: configMap
diff --git a/kube/deploy/core/secrets/external-secrets/app/hr.yaml b/kube/deploy/core/secrets/external-secrets/app/hr.yaml
index 37e0c2c9..198bce5c 100644
--- a/kube/deploy/core/secrets/external-secrets/app/hr.yaml
+++ b/kube/deploy/core/secrets/external-secrets/app/hr.yaml
@@ -35,7 +35,7 @@ spec:
         cpu: 25m
       limits:
         cpu: '3'
-        memory: 2Gi
+        memory: 200Mi
     # global:
     #   tolerations:
     #     - operator: Exists
@@ -49,10 +49,10 @@ spec:
         interval: 1m
       resources:
         requests:
-          cpu: 10m
+          cpu: 2m
         limits:
           cpu: '1'
-          memory: 512Mi
+          memory: 200Mi
     serviceMonitor:
       enabled: true
       interval: 1m
@@ -67,10 +67,10 @@ spec:
         prom.home.arpa/kps: "allow"
       resources:
         requests:
-          cpu: 10m
+          cpu: 2m
         limits:
           cpu: '1'
-          memory: 256Mi
+          memory: 200Mi
     podSecurityContext:
       fsGroup: 1000
       fsGroupChangePolicy: Always
@@ -113,7 +113,7 @@ spec:
             cpu: 300m
           limits:
             cpu: "3"
-            memory: 1Gi
+            memory: 150Mi
       - name: onepassword-connect-sync
         image: docker.io/1password/connect-sync:1.7.3@sha256:2f17621c7eb27bbcb1f86bbc5e5a5198bf54ac3b9c2ffac38064d03c932b07d5
         imagePullPolicy: IfNotPresent
@@ -138,9 +138,8 @@ spec:
           requests:
             cpu: 10m
           limits:
-            cpu: "3"
-            memory: 512Mi
-            ephemeral-storage: 1Gi
+            cpu: "1"
+            memory: 150Mi
     extraVolumes:
       - name: 1p
         secret:
@@ -148,3 +147,5 @@ spec:
           defaultMode: 0440
       - name: 1p-tmp
         emptyDir: {}
+          # medium: Memory
+          # sizeLimit: 768Mi
diff --git a/kube/deploy/core/spegel/app/hr.yaml b/kube/deploy/core/spegel/app/hr.yaml
index 007f4e4b..a3c0ad35 100644
--- a/kube/deploy/core/spegel/app/hr.yaml
+++ b/kube/deploy/core/spegel/app/hr.yaml
@@ -5,6 +5,7 @@ metadata:
   name: &app spegel
   namespace: kube-system
 spec:
+  interval: 5m
   chart:
     spec:
       chart: spegel