fix: run k3s as root, bump HPA CPU threshold to 80%
k3s needs CAP_SYS_ADMIN to create network namespaces and mount cgroups. USER landing was preventing this. Cloud Run gen2 is the security boundary. 60% CPU was too conservative for soul-demo — it is I/O-bound (LLM API calls), not CPU-bound. 80% gives correct headroom before scaling kicks in.
+2
-1
@@ -115,7 +115,8 @@ ENV NEURON_PORT=7772
|
||||
ENV K3S_DATA_DIR=/var/lib/rancher/k3s
|
||||
ENV KUBECONFIG=/var/lib/rancher/k3s/server/cred/admin.kubeconfig
|
||||
|
||||
USER landing
|
||||
# k3s requires root to create network namespaces and mount cgroups.
|
||||
# Cloud Run gen2 sandbox is the security boundary here.
|
||||
EXPOSE 8080
|
||||
|
||||
CMD ["/usr/local/bin/entrypoint.sh"]
|
||||
|
||||
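Review bot: Dropping `USER landing` makes everything started by `CMD ["/usr/local/bin/entrypoint.sh"]` run as root, not only k3s. The new comment leaves the Cloud Run gen2 sandbox as the single boundary, with no in-container separation behind it. Consider keeping root for the k3s process only and having entrypoint.sh switch back to the `landing` user before it starts any non-k3s workload, so a bug in the application code does not immediately give root inside the container along with read access to the `admin.kubeconfig` that `KUBECONFIG` points at. The comment could also name the concrete requirement (the commit message cites CAP_SYS_ADMIN for network namespaces and cgroup mounts) so a later reader can tell when the root requirement no longer applies.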
Vendored
+1
-1
@@ -87,4 +87,4 @@ spec:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 60
|
||||
averageUtilization: 80
|
||||
|
||||
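Review bot: The new `averageUtilization: 80` has no rationale recorded next to it in the manifest; the reasoning lives only in the commit message. A short comment above the `cpu` metric saying the workload is I/O-bound would stop the value from being tuned back later. Since `type: Utilization` is measured against the pods' CPU requests, it is worth confirming those requests are set to realistic values, otherwise 80 does not mean what it appears to. If the service really spends its time waiting on LLM API calls, CPU may also be a weak scaling signal at any threshold, so a second metric closer to in-flight requests is worth considering. Separately, this tuning change is unrelated to the root change in the Dockerfile; splitting them into two commits would let the privilege change be reviewed and reverted on its own.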