container lifecycle management

2026-03-12 15:13:38 -04:00
parent e99ef5d2dd
commit b9cc397e05
61 changed files with 6880 additions and 31 deletions
--- a/deploy/k8s/base/agent-quotas.yaml
+++ b/deploy/k8s/base/agent-quotas.yaml
@@ -0,0 +1,53 @@
+# Resource constraints for the dexorder-agents namespace
+# These limits apply regardless of what the gateway requests
+---
+# LimitRange: per-container defaults and maximums
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: agent-limits
+  namespace: dexorder-agents
+spec:
+  limits:
+    # Default limits applied if deployment doesn't specify
+    - type: Container
+      default:
+        memory: "512Mi"
+        cpu: "500m"
+      defaultRequest:
+        memory: "256Mi"
+        cpu: "100m"
+      # Maximum any single container can request
+      max:
+        memory: "2Gi"
+        cpu: "2000m"
+      min:
+        memory: "64Mi"
+        cpu: "50m"
+    # PVC size limits
+    - type: PersistentVolumeClaim
+      max:
+        storage: "10Gi"
+      min:
+        storage: "100Mi"
+---
+# ResourceQuota: total namespace limits
+# Prevents a compromised gateway from exhausting cluster resources
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: agent-quota
+  namespace: dexorder-agents
+spec:
+  hard:
+    # Total compute limits for all agents combined
+    requests.cpu: "20"
+    requests.memory: "40Gi"
+    limits.cpu: "40"
+    limits.memory: "80Gi"
+    # Object count limits
+    pods: "100"
+    persistentvolumeclaims: "100"
+    services: "100"
+    # Storage limits
+    requests.storage: "500Gi"