From ac543b940d254f09c53e5b53f8d8dc9b3e9407ab Mon Sep 17 00:00:00 2001 From: loks0n <22452787+loks0n@users.noreply.github.com> Date: Wed, 22 Jan 2025 10:59:11 +0000 Subject: [PATCH 1/3] deploy: optimise resources --- docker/production.yml | 37 ++++++++++------------ docker/stage.yml | 18 +++++++++-- terraform/environments/production/main.tf | 10 +++--- terraform/environments/staging/main.tf | 10 +++--- terraform/modules/digitalocean/droplets.tf | 10 ++++-- 5 files changed, 49 insertions(+), 36 deletions(-) diff --git a/docker/production.yml b/docker/production.yml index d9a669cbff..9350396a98 100644 --- a/docker/production.yml +++ b/docker/production.yml @@ -56,8 +56,15 @@ services: networks: - cloud deploy: - replicas: 3 <<: *x-update-config + replicas: 2 + resources: + limits: + cpus: '0.5' + memory: 512M + reservations: + cpus: '0.1' + memory: 256M placement: max_replicas_per_node: 1 constraints: @@ -84,32 +91,20 @@ services: deploy: <<: *x-update-config mode: replicated - replicas: 8 + replicas: 6 + resources: + limits: + cpus: '0.8' + memory: 1G + reservations: + cpus: '0.1' + memory: 512M placement: max_replicas_per_node: 2 constraints: - node.role == worker preferences: - spread: node.role == worker - labels: - - traefik.enable=true - - traefik.docker.lbswarm=true - - traefik.constraint-label-stack=appwrite - - traefik.http.services.appwrite_service.loadbalancer.server.port=3000 - - traefik.http.middlewares.appwrite_middlewares.compress=true - #http - - traefik.http.routers.appwrite.entrypoints=web - - traefik.http.routers.appwrite.rule=Host(`$_APP_DOMAIN`) || Host(`www.$_APP_DOMAIN`) - - traefik.http.routers.appwrite.service=appwrite_service - - traefik.http.routers.appwrite.middlewares=appwrite_middlewares - # https - - traefik.http.routers.appwrite_secure.entrypoints=websecure - - traefik.http.routers.appwrite_secure.rule=Host(`$_APP_DOMAIN`) || Host(`www.$_APP_DOMAIN`) - - traefik.http.routers.appwrite_secure.service=appwrite_service - - traefik.http.routers.appwrite_secure.tls=true - - traefik.http.routers.appwrite_secure.tls.certresolver=myresolver - - traefik.http.routers.appwrite_secure.middlewares=appwrite_middlewares - janitor: image: appwrite/docker-janitor deploy: diff --git a/docker/stage.yml b/docker/stage.yml index 1c12cbad81..d29002d03f 100644 --- a/docker/stage.yml +++ b/docker/stage.yml @@ -50,8 +50,15 @@ services: networks: - cloud deploy: - replicas: 3 <<: *x-update-config + replicas: 1 + resources: + limits: + cpus: '0.3' + memory: 256M + reservations: + cpus: '0.1' + memory: 128M placement: max_replicas_per_node: 1 constraints: @@ -78,7 +85,14 @@ services: deploy: <<: *x-update-config mode: replicated - replicas: 8 + replicas: 3 + resources: + limits: + cpus: '0.5' + memory: 512M + reservations: + cpus: '0.1' + memory: 256M placement: max_replicas_per_node: 2 constraints: diff --git a/terraform/environments/production/main.tf b/terraform/environments/production/main.tf index b5827b3dce..205c7ab1d9 100644 --- a/terraform/environments/production/main.tf +++ b/terraform/environments/production/main.tf @@ -6,11 +6,11 @@ module "droplets" { region = "fra1" environment = "prd" base_image = "docker-20-04" - worker_size = "s-2vcpu-2gb-amd" - worker_count = 6 + worker_size = "s-1vcpu-2gb-amd" + worker_count = 4 subnet_range = "10.117.0.0/20" - manager_size = "s-2vcpu-2gb-amd" - manager_count = 2 + manager_size = "s-1vcpu-2gb-amd" + manager_count = 1 digitalocean_project_name = "Production - Homepage" -} \ No newline at end of file +} diff --git a/terraform/environments/staging/main.tf b/terraform/environments/staging/main.tf index 42237140e3..96ecdea002 100644 --- a/terraform/environments/staging/main.tf +++ b/terraform/environments/staging/main.tf @@ -7,10 +7,10 @@ module "droplets" { environment = "stg" base_image = "docker-20-04" subnet_range = "10.116.0.0/20" - worker_size = "s-1vcpu-2gb" - worker_count = 4 - manager_size = "s-1vcpu-2gb" - manager_count = 2 + worker_size = "s-1vcpu-1gb" + worker_count = 2 + manager_size = "s-1vcpu-1gb" + manager_count = 1 digitalocean_project_name = "Staging - Homepage" -} \ No newline at end of file +} diff --git a/terraform/modules/digitalocean/droplets.tf b/terraform/modules/digitalocean/droplets.tf index 10b2f1fafd..48a12dd91c 100644 --- a/terraform/modules/digitalocean/droplets.tf +++ b/terraform/modules/digitalocean/droplets.tf @@ -24,7 +24,7 @@ resource "digitalocean_project" "homepage" { purpose = "Web Application" environment = "Development" resources = flatten([ - digitalocean_droplet.leader.urn, + digitalocean_droplet.leader.urn, digitalocean_droplet.manager[*].urn, digitalocean_droplet.worker[*].urn, digitalocean_droplet.nfs.urn @@ -167,6 +167,10 @@ resource "digitalocean_droplet" "worker" { "docker swarm join --token ${data.external.swarm_join_token.result.worker} ${digitalocean_droplet.leader.ipv4_address_private}:2377" ]) } + + lifecycle { + create_before_destroy = true + } } resource "digitalocean_droplet" "nfs" { @@ -191,7 +195,7 @@ resource "digitalocean_droplet" "nfs" { inline = [ "ufw allow 2049", "ufw reload", - "sudo apt update", + "sudo apt update", "sudo apt install -y nfs-kernel-server", "mkdir -p ${local.mount_nfs}", "echo '${local.mount_nfs} ${var.subnet_range}(rw,sync,no_root_squash,no_subtree_check)' >> /etc/exports", @@ -199,4 +203,4 @@ resource "digitalocean_droplet" "nfs" { "systemctl restart nfs-kernel-server", ] } -} \ No newline at end of file +} From 4bc9b900f0121845281f619b17a974362bab6214 Mon Sep 17 00:00:00 2001 From: loks0n <22452787+loks0n@users.noreply.github.com> Date: Wed, 22 Jan 2025 11:05:03 +0000 Subject: [PATCH 2/3] fix: restore labels --- docker/production.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docker/production.yml b/docker/production.yml index 9350396a98..7e450c1239 100644 --- a/docker/production.yml +++ b/docker/production.yml @@ -105,6 +105,25 @@ services: - node.role == worker preferences: - spread: node.role == worker + labels: + - traefik.enable=true + - traefik.docker.lbswarm=true + - traefik.constraint-label-stack=appwrite + - traefik.http.services.appwrite_service.loadbalancer.server.port=3000 + - traefik.http.middlewares.appwrite_middlewares.compress=true + #http + - traefik.http.routers.appwrite.entrypoints=web + - traefik.http.routers.appwrite.rule=Host(`$_APP_DOMAIN`) || Host(`www.$_APP_DOMAIN`) + - traefik.http.routers.appwrite.service=appwrite_service + - traefik.http.routers.appwrite.middlewares=appwrite_middlewares + # https + - traefik.http.routers.appwrite_secure.entrypoints=websecure + - traefik.http.routers.appwrite_secure.rule=Host(`$_APP_DOMAIN`) || Host(`www.$_APP_DOMAIN`) + - traefik.http.routers.appwrite_secure.service=appwrite_service + - traefik.http.routers.appwrite_secure.tls=true + - traefik.http.routers.appwrite_secure.tls.certresolver=myresolver + - traefik.http.routers.appwrite_secure.middlewares=appwrite_middlewares + janitor: image: appwrite/docker-janitor deploy: From e83b661bc67b03f84e1b5d3c01ead7c091a0b2a5 Mon Sep 17 00:00:00 2001 From: loks0n <22452787+loks0n@users.noreply.github.com> Date: Wed, 22 Jan 2025 11:05:59 +0000 Subject: [PATCH 3/3] fix: restore labels --- docker/production.yml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/docker/production.yml b/docker/production.yml index 7e450c1239..3ca4b2c4cf 100644 --- a/docker/production.yml +++ b/docker/production.yml @@ -105,24 +105,24 @@ services: - node.role == worker preferences: - spread: node.role == worker - labels: - - traefik.enable=true - - traefik.docker.lbswarm=true - - traefik.constraint-label-stack=appwrite - - traefik.http.services.appwrite_service.loadbalancer.server.port=3000 - - traefik.http.middlewares.appwrite_middlewares.compress=true - #http - - traefik.http.routers.appwrite.entrypoints=web - - traefik.http.routers.appwrite.rule=Host(`$_APP_DOMAIN`) || Host(`www.$_APP_DOMAIN`) - - traefik.http.routers.appwrite.service=appwrite_service - - traefik.http.routers.appwrite.middlewares=appwrite_middlewares - # https - - traefik.http.routers.appwrite_secure.entrypoints=websecure - - traefik.http.routers.appwrite_secure.rule=Host(`$_APP_DOMAIN`) || Host(`www.$_APP_DOMAIN`) - - traefik.http.routers.appwrite_secure.service=appwrite_service - - traefik.http.routers.appwrite_secure.tls=true - - traefik.http.routers.appwrite_secure.tls.certresolver=myresolver - - traefik.http.routers.appwrite_secure.middlewares=appwrite_middlewares + labels: + - traefik.enable=true + - traefik.docker.lbswarm=true + - traefik.constraint-label-stack=appwrite + - traefik.http.services.appwrite_service.loadbalancer.server.port=3000 + - traefik.http.middlewares.appwrite_middlewares.compress=true + #http + - traefik.http.routers.appwrite.entrypoints=web + - traefik.http.routers.appwrite.rule=Host(`$_APP_DOMAIN`) || Host(`www.$_APP_DOMAIN`) + - traefik.http.routers.appwrite.service=appwrite_service + - traefik.http.routers.appwrite.middlewares=appwrite_middlewares + # https + - traefik.http.routers.appwrite_secure.entrypoints=websecure + - traefik.http.routers.appwrite_secure.rule=Host(`$_APP_DOMAIN`) || Host(`www.$_APP_DOMAIN`) + - traefik.http.routers.appwrite_secure.service=appwrite_service + - traefik.http.routers.appwrite_secure.tls=true + - traefik.http.routers.appwrite_secure.tls.certresolver=myresolver + - traefik.http.routers.appwrite_secure.middlewares=appwrite_middlewares janitor: image: appwrite/docker-janitor