alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

chore: Update manifests after change

Browse Source
This commit is contained in:
Gitea
2026-04-04 23:03:12 +00:00
parent 79201ff95d
commit 09fe45c5ec
22 changed files with 302 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml
View File

@@ -773,7 +773,7 @@ data:
siteMonitor: http://yubal.yubal:80 siteMonitor: http://yubal.yubal:80
statusStyle: dot statusStyle: dot
- Music Grabber: - Music Grabber:
icon: sh-music-service.webp icon: sh-music-grabber.webp
description: Replicate Music playlists description: Replicate Music playlists
href: https://music-grabber.alexlebens.net href: https://music-grabber.alexlebens.net
siteMonitor: http://music-grabber.music-grabber:80 siteMonitor: http://music-grabber.music-grabber:80

2
clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml
View File

@@ -24,7 +24,7 @@ spec:
template: template:
metadata: metadata:
annotations: annotations:
checksum/configMaps: 50f931b34e6426dd49ee991e141af06691c31a739759f30cc262f461e4aa9e15 checksum/configMaps: 25d95f4e20076f5e4f3eecd74cdc275731e8707fae04b371f1886a60b02335f3
checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378 checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378
labels: labels:
app.kubernetes.io/controller: main app.kubernetes.io/controller: main

14
clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml
View File

@@ -29,6 +29,9 @@ spec:
enableServiceLinks: false enableServiceLinks: false
serviceAccountName: default serviceAccountName: default
automountServiceAccountToken: true automountServiceAccountToken: true
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
hostIPC: false hostIPC: false
hostNetwork: false hostNetwork: false
hostPID: false hostPID: false
@@ -67,24 +70,23 @@ spec:
name: music-grabber-config-secret name: music-grabber-config-secret
- name: SLSKD_DOWNLOADS_PATH - name: SLSKD_DOWNLOADS_PATH
value: /mnt/store/slskd/Downloads value: /mnt/store/slskd/Downloads
image: g33kphr33k/musicgrabber:2.5.5 image: g33kphr33k/musicgrabber:2.5.5@sha256:756ce91653b2f5f17f8f47e5c91f07df5af82162608acdf507e6209a16725373
imagePullPolicy: IfNotPresent
name: main name: main
resources: resources:
limits: limits:
cpu: 100m cpu: 100m
requests: requests:
cpu: 10m cpu: 10m
memory: 512Mi memory: 50Mi
volumeMounts: volumeMounts:
- mountPath: /data - mountPath: /data
name: cache name: data
- mountPath: /mnt/store/ - mountPath: /mnt/store/
name: music name: music
volumes: volumes:
- name: cache - name: data
persistentVolumeClaim: persistentVolumeClaim:
claimName: music-grabber claimName: music-grabber-data
- name: music - name: music
persistentVolumeClaim: persistentVolumeClaim:
claimName: music-grabber-nfs-storage claimName: music-grabber-nfs-storage

12
clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-config-secret.yaml
View File

@@ -14,29 +14,17 @@ spec:
data: data:
- secretKey: navidrome-user - secretKey: navidrome-user
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/admin key: /cl01tl/navidrome/admin
metadataPolicy: None
property: user property: user
- secretKey: navidrome-password - secretKey: navidrome-password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/admin key: /cl01tl/navidrome/admin
metadataPolicy: None
property: password property: password
- secretKey: slskd-user - secretKey: slskd-user
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/auth key: /cl01tl/slskd/auth
metadataPolicy: None
property: user property: user
- secretKey: slskd-password - secretKey: slskd-password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/auth key: /cl01tl/slskd/auth
metadataPolicy: None
property: password property: password

58
clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-external.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: music-grabber-data-backup-secret-external
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup-secret-external
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/music-grabber/music-grabber-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY

58
clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-local.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: music-grabber-data-backup-secret-local
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup-secret-local
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/music-grabber/music-grabber-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

58
clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-remote.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: music-grabber-data-backup-secret-remote
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup-secret-remote
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/music-grabber/music-grabber-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

12
clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml
View File

@@ -14,29 +14,17 @@ spec:
data: data:
- secretKey: private-key - secretKey: private-key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key property: private-key
- secretKey: preshared-key - secretKey: preshared-key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key property: preshared-key
- secretKey: addresses - secretKey: addresses
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: addresses property: addresses
- secretKey: input-ports - secretKey: input-ports
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports property: input-ports

2
clusters/cl01tl/manifests/music-grabber/HTTPRoute-music-grabber.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: music-grabber name: music-grabber
namespace: music-grabber namespace: music-grabber
port: 80 port: 80
weight: 100 weight: 1
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

11
clusters/cl01tl/manifests/music-grabber/Namespace-music-grabber.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: music-grabber
labels:
app.kubernetes.io/name: music-grabber
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

4
clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber.yaml → clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber-data.yaml
View File

@@ -1,14 +1,12 @@
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: music-grabber name: music-grabber-data
labels: labels:
app.kubernetes.io/instance: music-grabber app.kubernetes.io/instance: music-grabber
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber app.kubernetes.io/name: music-grabber
helm.sh/chart: music-grabber-4.6.2 helm.sh/chart: music-grabber-4.6.2
annotations:
helm.sh/resource-policy: keep
namespace: music-grabber namespace: music-grabber
spec: spec:
accessModes: accessModes:

29
clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-external.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: music-grabber-data-backup-source-external
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup
spec:
sourcePVC: music-grabber-data
trigger:
schedule: 46 10 * * *
restic:
pruneIntervalDays: 7
repository: music-grabber-data-backup-secret-external
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 1Gi

29
clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-local.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: music-grabber-data-backup-source-local
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup
spec:
sourcePVC: music-grabber-data
trigger:
schedule: 46 8 * * *
restic:
pruneIntervalDays: 7
repository: music-grabber-data-backup-secret-local
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 1Gi

29
clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-remote.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: music-grabber-data-backup-source-remote
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup
spec:
sourcePVC: music-grabber-data
trigger:
schedule: 46 9 * * *
restic:
pruneIntervalDays: 7
repository: music-grabber-data-backup-secret-remote
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 1Gi

7
clusters/cl01tl/manifests/navidrome/Deployment-navidrome-feishin.yaml
View File

@@ -43,6 +43,9 @@ spec:
value: navidrome value: navidrome
- name: SERVER_URL - name: SERVER_URL
value: https://navidrome.alexlebens.net value: https://navidrome.alexlebens.net
image: ghcr.io/jeffvli/feishin:1.0.1-beta.1@sha256:61239641f23a33f99c2858419b14afb66683f3cd82010363fba92be3993fd894 image: ghcr.io/jeffvli/feishin:1.9.0@sha256:5e6959afd27dabadd8f68fed8b0485d851593c61ca558194295bf8950262cc07
imagePullPolicy: IfNotPresent
name: main name: main
resources:
requests:
cpu: 1m
memory: 20Mi

8
clusters/cl01tl/manifests/navidrome/Deployment-navidrome-main.yaml
View File

@@ -29,6 +29,9 @@ spec:
enableServiceLinks: false enableServiceLinks: false
serviceAccountName: default serviceAccountName: default
automountServiceAccountToken: true automountServiceAccountToken: true
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
hostIPC: false hostIPC: false
hostNetwork: false hostNetwork: false
hostPID: false hostPID: false
@@ -49,8 +52,7 @@ spec:
value: "true" value: "true"
- name: ND_AUTOIMPORTPLAYLISTS - name: ND_AUTOIMPORTPLAYLISTS
value: "true" value: "true"
image: deluan/navidrome:0.61.0@sha256:b14a6acb5cd5ee73f3a13d63d8d68ede82dedb796aa522fbada94769d990cf0b image: ghcr.io/navidrome/navidrome:0.61.0@sha256:b14a6acb5cd5ee73f3a13d63d8d68ede82dedb796aa522fbada94769d990cf0b
imagePullPolicy: IfNotPresent
name: main name: main
resources: resources:
limits: limits:
@@ -58,7 +60,7 @@ spec:
requests: requests:
cpu: 10m cpu: 10m
gpu.intel.com/i915: 1 gpu.intel.com/i915: 1
memory: 128Mi memory: 50Mi
volumeMounts: volumeMounts:
- mountPath: /cache - mountPath: /cache
name: cache name: cache

2
clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-feishin.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: navidrome-feishin name: navidrome-feishin
namespace: navidrome namespace: navidrome
port: 80 port: 80
weight: 100 weight: 1
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

2
clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-main.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: navidrome-main name: navidrome-main
namespace: navidrome namespace: navidrome
port: 80 port: 80
weight: 100 weight: 1
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

9
clusters/cl01tl/manifests/node-feature-discovery/DaemonSet-node-feature-discovery-worker.yaml
View File

@@ -40,7 +40,7 @@ spec:
- ALL - ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -67,11 +67,10 @@ spec:
fieldRef: fieldRef:
fieldPath: metadata.uid fieldPath: metadata.uid
resources: resources:
limits: limits: {}
memory: 512Mi
requests: requests:
cpu: 20m cpu: 1m
memory: 60Mi memory: 20Mi
command: command:
- "nfd-worker" - "nfd-worker"
args: args:

9
clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-gc.yaml
View File

@@ -32,7 +32,7 @@ spec:
hostNetwork: false hostNetwork: false
containers: containers:
- name: gc - name: gc
image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862"
imagePullPolicy: "IfNotPresent" imagePullPolicy: "IfNotPresent"
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -54,11 +54,10 @@ spec:
args: args:
- "-gc-interval=1h" - "-gc-interval=1h"
resources: resources:
limits: limits: {}
memory: 1Gi
requests: requests:
cpu: 20m cpu: 1m
memory: 60Mi memory: 20Mi
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:

11
clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-master.yaml
View File

@@ -11,7 +11,7 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
role: master role: master
spec: spec:
replicas: 2 replicas: 1
revisionHistoryLimit: revisionHistoryLimit:
selector: selector:
matchLabels: matchLabels:
@@ -42,7 +42,7 @@ spec:
- ALL - ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
startupProbe: startupProbe:
httpGet: httpGet:
@@ -69,11 +69,10 @@ spec:
command: command:
- "nfd-master" - "nfd-master"
resources: resources:
limits: limits: {}
memory: 4Gi
requests: requests:
cpu: 20m cpu: 10m
memory: 60Mi memory: 20Mi
args: args:
- "-enable-leader-election" - "-enable-leader-election"
- "-feature-gates=NodeFeatureGroupAPI=true" - "-feature-gates=NodeFeatureGroupAPI=true"

9
clusters/cl01tl/manifests/node-feature-discovery/Job-node-feature-discovery-prune.yaml
View File

@@ -34,7 +34,7 @@ spec:
- ALL - ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: command:
- "nfd-master" - "nfd-master"
@@ -56,8 +56,7 @@ spec:
key: node-role.kubernetes.io/control-plane key: node-role.kubernetes.io/control-plane
operator: Exists operator: Exists
resources: resources:
limits: limits: {}
memory: 4Gi
requests: requests:
cpu: 20m cpu: 10m
memory: 60Mi memory: 20Mi