diff --git a/local/infra/keycloak/keycloak.yaml b/local/infra/keycloak/keycloak.yaml index 2956a99..441f1eb 100644 --- a/local/infra/keycloak/keycloak.yaml +++ b/local/infra/keycloak/keycloak.yaml @@ -18,10 +18,10 @@ spec: resources: requests: cpu: "100m" - memory: "550Mi" + memory: "1Gi" limits: cpu: "1000m" - memory: "550Mi" + memory: "1536Mi" unsupported: podTemplate: spec: @@ -35,6 +35,13 @@ spec: - "--verbose" - "start" - "--import-realm" + env: + # Constrain the JVM heap so heap + non-heap RSS fits inside the + # container memory limit. Without this, Quarkus defaults to + # MaxRAMPercentage=70%, and heap + metaspace/GC/buffers exceed the + # limit and the pod is OOMKilled during the build phase. + - name: JAVA_OPTS_KC_HEAP + value: "-Xms256m -Xmx768m" volumeMounts: - name: realm-import mountPath: /opt/keycloak/data/import diff --git a/local/nats/skaffold.releases.yaml b/local/nats/skaffold.releases.yaml index 344fa97..c594a47 100644 --- a/local/nats/skaffold.releases.yaml +++ b/local/nats/skaffold.releases.yaml @@ -32,6 +32,10 @@ deploy: tolerateFailuresUntilDeadline: true helm: flags: + # Helm's default --wait timeout is 5m; the mTLS NATS cluster can take + # longer to become ready on slower/loaded machines, so give it headroom. + upgrade: + - --timeout=15m depBuild: - --repository-config=local/helm/repositories.yaml releases: @@ -61,6 +65,10 @@ deploy: tolerateFailuresUntilDeadline: true helm: flags: + # Helm's default --wait timeout is 5m; the mTLS NATS cluster can take + # longer to become ready on slower/loaded machines, so give it headroom. + upgrade: + - --timeout=15m depBuild: - --repository-config=local/helm/repositories.yaml releases: @@ -91,6 +99,10 @@ deploy: tolerateFailuresUntilDeadline: true helm: flags: + # Helm's default --wait timeout is 5m; the mTLS NATS cluster can take + # longer to become ready on slower/loaded machines, so give it headroom. + upgrade: + - --timeout=15m depBuild: - --repository-config=local/helm/repositories.yaml releases: