From f442255833904bb1a0eec25ac86eea4a6b9b6163 Mon Sep 17 00:00:00 2001
From: Felix Wolf <felix.wolf@blueworld-gmbh.de>
Date: Mon, 6 Apr 2026 16:39:24 +0200
Subject: [PATCH] feat: configure storageusers resources and anti-affinity

Assigns specific CPU and memory requests and limits to the storageusers service to ensure stable operation and efficient resource utilization.

Introduces pod anti-affinity for storageusers to prevent it from being scheduled on the same node as victoria-metrics-single, improving resilience and preventing potential resource contention.
---
 prototypes/ocis/helm/ocis.yaml                |  6 ++++++
 .../ocis/ytt/storageusers-affinity.ytt.yaml   | 20 +++++++++++++++++++
 .../ocis/configmap-auth-service.yaml          |  2 +-
 .../envs/production/ocis/configmap-graph.yaml |  2 +-
 .../ocis/configmap-storage-users.yaml         |  2 +-
 .../ocis/deployment-storageusers.yaml         | 16 ++++++++++++++-
 6 files changed, 44 insertions(+), 4 deletions(-)
 create mode 100644 prototypes/ocis/ytt/storageusers-affinity.ytt.yaml

diff --git a/prototypes/ocis/helm/ocis.yaml b/prototypes/ocis/helm/ocis.yaml
index a627f5e..d2b4fe2 100644
--- a/prototypes/ocis/helm/ocis.yaml
+++ b/prototypes/ocis/helm/ocis.yaml
@@ -38,6 +38,12 @@ secretRefs:
 
 services:
   storageusers:
+    resources:
+      requests:
+        memory: 512Mi
+        cpu: 10m
+      limits:
+        memory: 1536Mi
     storageBackend:
       driver: s3ng
       driverConfig:
diff --git a/prototypes/ocis/ytt/storageusers-affinity.ytt.yaml b/prototypes/ocis/ytt/storageusers-affinity.ytt.yaml
new file mode 100644
index 0000000..9720516
--- /dev/null
+++ b/prototypes/ocis/ytt/storageusers-affinity.ytt.yaml
@@ -0,0 +1,20 @@
+#@ load("@ytt:overlay", "overlay")
+
+#@overlay/match by=overlay.subset({"kind": "Deployment", "metadata": {"name": "storageusers"}})
+---
+spec:
+  template:
+    spec:
+      #@overlay/match missing_ok=True
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: app.kubernetes.io/name
+                      operator: In
+                      values:
+                        - victoria-metrics-single
+                topologyKey: kubernetes.io/hostname
diff --git a/rendered/envs/production/ocis/configmap-auth-service.yaml b/rendered/envs/production/ocis/configmap-auth-service.yaml
index bd50c45..b4ab15c 100644
--- a/rendered/envs/production/ocis/configmap-auth-service.yaml
+++ b/rendered/envs/production/ocis/configmap-auth-service.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  service-account-id: 2387fad3-be34-4b10-948b-421873985560
+  service-account-id: c5e80613-df24-48ee-9ddf-08f0c1023e7e
 kind: ConfigMap
 metadata:
   annotations:
diff --git a/rendered/envs/production/ocis/configmap-graph.yaml b/rendered/envs/production/ocis/configmap-graph.yaml
index 3be71db..129bd0d 100644
--- a/rendered/envs/production/ocis/configmap-graph.yaml
+++ b/rendered/envs/production/ocis/configmap-graph.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  application-id: d019e54c-51c8-46ab-aded-87182aafcee4
+  application-id: b8106974-0cc9-429b-b779-c63ba898a76d
 kind: ConfigMap
 metadata:
   annotations:
diff --git a/rendered/envs/production/ocis/configmap-storage-users.yaml b/rendered/envs/production/ocis/configmap-storage-users.yaml
index 43766b5..2e452b0 100644
--- a/rendered/envs/production/ocis/configmap-storage-users.yaml
+++ b/rendered/envs/production/ocis/configmap-storage-users.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  storage-uuid: 30a27136-b87a-431f-9d0d-0cfec28061e4
+  storage-uuid: 245f3f9c-dea3-4996-afb3-3fb3e73dbd8e
 kind: ConfigMap
 metadata:
   annotations:
diff --git a/rendered/envs/production/ocis/deployment-storageusers.yaml b/rendered/envs/production/ocis/deployment-storageusers.yaml
index dfc7416..d6220aa 100644
--- a/rendered/envs/production/ocis/deployment-storageusers.yaml
+++ b/rendered/envs/production/ocis/deployment-storageusers.yaml
@@ -31,6 +31,18 @@ spec:
         app.kubernetes.io/version: 7.1.4
         helm.sh/chart: ocis-0.7.0
     spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: app.kubernetes.io/name
+                      operator: In
+                      values:
+                        - victoria-metrics-single
+                topologyKey: kubernetes.io/hostname
+              weight: 100
       containers:
         - args:
             - storage-users
@@ -168,9 +180,11 @@ spec:
             - containerPort: 9159
               name: metrics-debug
           resources:
+            limits:
+              memory: 1536Mi
             requests:
               cpu: 10m
-              memory: 64Mi
+              memory: 512Mi
           securityContext:
             readOnlyRootFilesystem: true
             runAsGroup: 1000