From 57e26c1cd92f0174378c0239c922cc2992bc4462 Mon Sep 17 00:00:00 2001
From: Mondo Diaz <armando.m.diaz@boeing.com>
Date: Thu, 15 Jan 2026 19:55:29 +0000
Subject: [PATCH] Add comprehensive resource limits for all subchart containers

- Add resourcesPreset: none to use explicit resources
- Add volumePermissions init container resources for PostgreSQL
- Add volumePermissions init container resources for MinIO
- Add provisioning job resources for MinIO
- All memory requests = limits per Kyverno policy
---
 helm/orchard/values-dev.yaml   | 32 ++++++++++++++++++++++++++++++++
 helm/orchard/values-stage.yaml | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)

diff --git a/helm/orchard/values-dev.yaml b/helm/orchard/values-dev.yaml
index b589954..2b461df 100644
--- a/helm/orchard/values-dev.yaml
+++ b/helm/orchard/values-dev.yaml
@@ -129,6 +129,7 @@ postgresql:
     persistence:
       enabled: false
     # Resources with memory requests = limits per cluster policy
+    resourcesPreset: "none"
     resources:
       limits:
         cpu: 250m
@@ -136,6 +137,16 @@ postgresql:
       requests:
         cpu: 100m
         memory: 256Mi
+  # Volume permissions init container
+  volumePermissions:
+    resourcesPreset: "none"
+    resources:
+      limits:
+        cpu: 50m
+        memory: 64Mi
+      requests:
+        cpu: 10m
+        memory: 64Mi
 
 # MinIO - ephemeral, no persistence
 minio:
@@ -152,6 +163,7 @@ minio:
   persistence:
     enabled: false
   # Resources with memory requests = limits per cluster policy
+  resourcesPreset: "none"  # Disable preset to use explicit resources
   resources:
     limits:
       cpu: 250m
@@ -159,6 +171,26 @@ minio:
     requests:
       cpu: 100m
       memory: 256Mi
+  # Init container resources
+  defaultInitContainers:
+    volumePermissions:
+      resourcesPreset: "none"
+      resources:
+        limits:
+          cpu: 50m
+          memory: 64Mi
+        requests:
+          cpu: 10m
+          memory: 64Mi
+  # Provisioning job resources
+  provisioning:
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 50m
+        memory: 128Mi
 
 # MinIO ingress - hostname overridden by CI
 minioIngress:
diff --git a/helm/orchard/values-stage.yaml b/helm/orchard/values-stage.yaml
index 5bce964..c702bcb 100644
--- a/helm/orchard/values-stage.yaml
+++ b/helm/orchard/values-stage.yaml
@@ -137,6 +137,7 @@ postgresql:
       enabled: false
       size: 10Gi
     # Resources with memory requests = limits per cluster policy
+    resourcesPreset: "none"
     resources:
       limits:
         cpu: 500m
@@ -144,6 +145,16 @@ postgresql:
       requests:
         cpu: 250m
         memory: 512Mi
+  # Volume permissions init container
+  volumePermissions:
+    resourcesPreset: "none"
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 50m
+        memory: 128Mi
 
 # MinIO subchart configuration
 minio:
@@ -161,6 +172,7 @@ minio:
     enabled: false
     size: 50Gi
   # Resources with memory requests = limits per cluster policy
+  resourcesPreset: "none"  # Disable preset to use explicit resources
   resources:
     limits:
       cpu: 500m
@@ -168,6 +180,26 @@ minio:
     requests:
       cpu: 250m
       memory: 512Mi
+  # Init container resources
+  defaultInitContainers:
+    volumePermissions:
+      resourcesPreset: "none"
+      resources:
+        limits:
+          cpu: 100m
+          memory: 128Mi
+        requests:
+          cpu: 50m
+          memory: 128Mi
+  # Provisioning job resources
+  provisioning:
+    resources:
+      limits:
+        cpu: 200m
+        memory: 256Mi
+      requests:
+        cpu: 100m
+        memory: 256Mi
 
 # MinIO external ingress for presigned URL access (separate from subchart ingress)
 minioIngress: