From 3f8be0a66e87d5edca0cf5fe29dcbbe348703167 Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Sun, 16 Feb 2025 10:36:19 +0800
Subject: [PATCH] fix(cilium): resource tuning
---
 .../cilium/app/config/biohazard/helm-values.yaml | 8 --------
 kube/deploy/core/_networking/cilium/app/hr.yaml | 11 ++---------
 2 files changed, 2 insertions(+), 17 deletions(-)
diff --git a/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml b/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
index 28f50b07..08e3264d 100644
--- a/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
+++ b/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
@@ -6,14 +6,6 @@ securityContext:
 capabilities:
 ciliumAgent: [CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,NET_BIND_SERVICE,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID]
 cleanCiliumState: [NET_ADMIN,SYS_ADMIN,SYS_RESOURCE]
-# podSecurityContext:
-# appArmorProfile:
-# type: "Unconfined"
-# # podAnnotations:
-# # "container.apparmor.security.beta.kubernetes.io/apply-sysctl-overwrites": "runtime/default"
-# # "container.apparmor.security.beta.kubernetes.io/cilium-agent": "runtime/default"
-# # "container.apparmor.security.beta.kubernetes.io/clean-cilium-state": "runtime/default"
-# # "container.apparmor.security.beta.kubernetes.io/mount-cgroup": "runtime/default"
 cgroup:
 autoMount:
 enabled: false
diff --git a/kube/deploy/core/_networking/cilium/app/hr.yaml b/kube/deploy/core/_networking/cilium/app/hr.yaml
index 0b835462..3238283c 100644
--- a/kube/deploy/core/_networking/cilium/app/hr.yaml
+++ b/kube/deploy/core/_networking/cilium/app/hr.yaml
@@ -27,13 +27,6 @@ spec:
 valuesKey: "${CLUSTER_NAME:=biohazard}.yaml"
 optional: false
 values:
- # image: # for Renovate changelog
- # repository: "quay.io/cilium/cilium"
- # tag: "v1.15.1"
- ## NOTE: Cilium Agent API rate limit configuration
- ### upon reboot/untaint/uncordon, burst(s) of pod creations causes Cilium to 429 rate limit pods from getting their network configuration
- ### current config stolen from https://github.com/cilium/cilium/issues/24361#issuecomment-1564825275
- #apiRateLimit: "endpoint-create=auto-adjust:true,estimated-processing-duration:1s,mean-over:15"
 ## NOTE: BGP for LoadBalancer services
 ### `bgpControlPlane.enabled: true` is newer GoBGP implementation, while `bgp.enabled: true` and `bgp.announce` uses older MetalLB BGP implementation that is planned to be deprecated in Cilium v1.15.
 ### `bgp.announce` block is replaced by CiliumBGPPeeringPolicy CRD used by bgpControlPlane, for more fine grained control over announced addresses
@@ -133,7 +126,7 @@ spec:
 resources: # for agent
 requests:
 cpu: "100m"
- memory: "1Gi"
+ memory: "512Mi"
 limits:
- cpu: "1"
+ cpu: "2"
 memory: "6Gi"
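Review bot: The lowered request `memory: "512Mi"` in the agent `resources` block of the last hunk now sits twelve times below the unchanged `memory: "6Gi"` limit, and nothing in the hunk records what usage figure the new values are based on. Only the request is reserved at scheduling time, so on a node under memory pressure the agent, which carries the node's datapath and network-policy enforcement, may become an earlier candidate for eviction or OOM kill than before, unless a priority class set outside this hunk protects it. I would record the basis next to the values, for example `memory: "512Mi" # request = observed steady-state usage (<measured value>); limit kept for startup/regeneration bursts`, and add a similar one-line reason beside `cpu: "2"`. The parent keys of `resources` lie outside the hunk, so this assumes the `# for agent` comment is accurate.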