forgejo_admin/pal-e-platform
1
0
Fork 1
Code Issues 35 Pull requests Projects Releases Packages Wiki Activity Actions

Bump ArgoCD repo-server memory limit (1 alert) #112

New issue
Closed
opened 2026-03-18 17:03:48 +00:00 by forgejo_admin · 3 comments
forgejo_admin commented 2026-03-18 17:03:48 +00:00
Owner
Copy link

Lineage

plan-pal-e-platform → Platform Hardening

Repo

forgejo_admin/pal-e-services

User Story

As a platform operator
I want ArgoCD repo-server to have sufficient memory
So that it stops OOMKilling every few hours and can reliably deploy all 8 applications

Context

ArgoCD repo-server OOMKilled 4 times in 4 days. Current limit is 256Mi, managing 8 ArgoCD Applications with a SOPS CMP plugin sidecar. Memory usage climbs past 256Mi over hours as it clones repos, renders manifests, and caches results. Current: requests=64Mi, limits=256Mi. Usage after restart: 81Mi, climbs over time.

File Targets

  • ~/pal-e-services/terraform/main.tf lines 93-97 — bump requests.memory: 64Mi → 128Mi, limits.memory: 256Mi → 512Mi

Files NOT to touch:

  • ArgoCD Application resources — the issue is the server process, not the apps

Acceptance Criteria

  • No OOMKill events for 48 hours
  • kubectl top pod -n argocd -l app.kubernetes.io/component=repo-server stays under 512Mi
  • OOMKilled alert clears

Test Expectations

  • tofu plan -lock=false shows only the memory limit changes
  • After apply: kubectl describe pod -n argocd -l app.kubernetes.io/component=repo-server shows new limits
  • Monitor for 48h: no restarts with exitCode 137

Constraints

  • Straightforward helm values change, no dependencies
  • tofu apply -lock=false in pal-e-services
  • 512Mi is 2x current — conservative bump. If it OOMs again, go to 768Mi.

Checklist

  • Memory limits bumped
  • PR opened
  • tofu plan clean
  • Tests pass
  • No unrelated changes

Related

  • pal-e-platform — project board
  • Issue #109 — umbrella alert cleanup
### Lineage `plan-pal-e-platform` → Platform Hardening ### Repo `forgejo_admin/pal-e-services` ### User Story As a platform operator I want ArgoCD repo-server to have sufficient memory So that it stops OOMKilling every few hours and can reliably deploy all 8 applications ### Context ArgoCD repo-server OOMKilled 4 times in 4 days. Current limit is 256Mi, managing 8 ArgoCD Applications with a SOPS CMP plugin sidecar. Memory usage climbs past 256Mi over hours as it clones repos, renders manifests, and caches results. Current: requests=64Mi, limits=256Mi. Usage after restart: 81Mi, climbs over time. ### File Targets - `~/pal-e-services/terraform/main.tf` lines 93-97 — bump `requests.memory: 64Mi → 128Mi`, `limits.memory: 256Mi → 512Mi` Files NOT to touch: - ArgoCD Application resources — the issue is the server process, not the apps ### Acceptance Criteria - [ ] No OOMKill events for 48 hours - [ ] `kubectl top pod -n argocd -l app.kubernetes.io/component=repo-server` stays under 512Mi - [ ] OOMKilled alert clears ### Test Expectations - [ ] `tofu plan -lock=false` shows only the memory limit changes - [ ] After apply: `kubectl describe pod -n argocd -l app.kubernetes.io/component=repo-server` shows new limits - [ ] Monitor for 48h: no restarts with exitCode 137 ### Constraints - Straightforward helm values change, no dependencies - `tofu apply -lock=false` in pal-e-services - 512Mi is 2x current — conservative bump. If it OOMs again, go to 768Mi. ### Checklist - [ ] Memory limits bumped - [ ] PR opened - [ ] `tofu plan` clean - [ ] Tests pass - [ ] No unrelated changes ### Related - `pal-e-platform` — project board - Issue #109 — umbrella alert cleanup
forgejo_admin commented 2026-03-18 18:10:33 +00:00
Author
Owner
Copy link

Scope Review: READY

Review note: review-191-2026-03-18
Scope is solid — all template sections present, file targets verified at lines 93-97 of pal-e-services/terraform/main.tf, acceptance criteria are agent-testable. One blast radius note: ArgoCD server component (lines 79-84) has identical 64Mi/256Mi limits worth monitoring post-fix.

## Scope Review: READY Review note: `review-191-2026-03-18` Scope is solid — all template sections present, file targets verified at lines 93-97 of `pal-e-services/terraform/main.tf`, acceptance criteria are agent-testable. One blast radius note: ArgoCD `server` component (lines 79-84) has identical 64Mi/256Mi limits worth monitoring post-fix.
forgejo_admin commented 2026-03-18 18:28:27 +00:00
Author
Owner
Copy link

Scope Review: NEEDS_REFINEMENT

Review note: review-item-191-2026-03-18
Repo mismatch: issue filed on pal-e-platform but code change is in pal-e-services (terraform/main.tf lines 93-97). Agent will target wrong repo.

  • Fix required: Move issue to pal-e-services or create cross-repo companion issue
  • Minor: 48-hour OOM criterion not agent-verifiable — add Prometheus query
  • Minor: SOPS sidecar shares the 512Mi limit — document for future debugging
## Scope Review: NEEDS_REFINEMENT Review note: `review-item-191-2026-03-18` Repo mismatch: issue filed on pal-e-platform but code change is in pal-e-services (terraform/main.tf lines 93-97). Agent will target wrong repo. - **Fix required:** Move issue to pal-e-services or create cross-repo companion issue - **Minor:** 48-hour OOM criterion not agent-verifiable — add Prometheus query - **Minor:** SOPS sidecar shares the 512Mi limit — document for future debugging
forgejo_admin commented 2026-03-18 18:32:49 +00:00
Author
Owner
Copy link

Moved to pal-e-services — the fix is in that repo, not pal-e-platform. See the new issue there.

Moved to pal-e-services — the fix is in that repo, not pal-e-platform. See the new issue there.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
188-cross-repo-worktree-isolation-for-parall
111-fix-keycloak-probe
86-fix-rotate-woodpecker-api-token-in-salt
71-feat-deploy-pyrra-slo-manager-with-servi
64-hotfix-woodpecker-oauth-login-broken-for
18-fix-grafana-duplicate-default-datasource-v2
18-fix-grafana-duplicate-default-datasource
13-fix-cnpg-all-parameters
No results found.
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo_admin/pal-e-platform#112
No description provided.