Raise default resources to 4 CPU / 8Gi and default image to latest#3
Merged
Conversation
Metadata filtering parsing large PyPI indexes (e.g. aiohttp, ~10k files) peaks ~1GB per worker and OOM-kills the old 768Mi default (Roark Capital outage, CE-249). Bump default resources to 4 CPU / 8Gi (memory request == limit for Guaranteed QoS so the pod isn't evicted under node pressure) and the nginx defaults the chart exposes (worker_processes 4, worker_connections 8192, access_log_buffer off). Chart 0.2.4 -> 0.3.0.
Per Doug: default to the latest published image so deployments pick up new releases without a chart bump; customers pin a version for reproducibility. Set pullPolicy to Always so 'latest' actually refreshes on pod restart.
Douglas (dacoburn)
approved these changes
Jun 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
resources: limits 4 CPU / 8Gi (was 1 / 768Mi); requests 2 CPU / 8Gi — memory request == limit (Guaranteed QoS) so the pod isn't evicted/OOM-killed under node pressure.image: tag →latest, pullPolicy →Alwayssolatestactually refreshes on pod restart. Pin a version (tag: "1.1.327") to opt out.nginx:worker_processes 4,worker_connections 8192,access_log_buffer off.Chart.yaml:0.2.4 → 0.3.0— the version bump is what triggers the release workflow to publish, so a customer'shelm upgradepicks up the new floor.Why
Metadata filtering parsing large PyPI indexes (aiohttp: 310 versions, ~10k files) peaks ~1GB per worker; the 768Mi default OOM-kills the pod, which took Roark Capital's self-hosted firewall down (CE-249). David reproduced: 768Mi OOMs, 8GB completes. Defaulting the image to
latestkeeps deployments current without a chart bump per release.Validated:
helm lint/helm template/kubeconformpass; rendered deployment shows 4 / 8Gi, renderedsocket.ymlshows the nginx values, image renders:latest+Always.Not in this PR
Promoting the chart to officially-maintained with the full set of config options (the fuller nginx block, metadata-filtering tuning, etc.) is tracked in CE-252. Environment-specific keys (
resolver,client_max_body_size) will be exposed there but defaulted safely — this PR only changes the few knobs the chart already exposes.