chore(trino): set pod security standards and adjust resources

trino/justfile

@@ -8,12 +8,16 @@ export EXTERNAL_SECRETS_NAMESPACE := env("EXTERNAL_SECRETS_NAMESPACE", "external
 export K8S_VAULT_NAMESPACE := env("K8S_VAULT_NAMESPACE", "vault")
 export KEYCLOAK_HOST := env("KEYCLOAK_HOST", "")
 export KEYCLOAK_REALM := env("KEYCLOAK_REALM", "buunstack")
-export TRINO_COORDINATOR_MEMORY := env("TRINO_COORDINATOR_MEMORY", "4Gi")
-export TRINO_COORDINATOR_CPU := env("TRINO_COORDINATOR_CPU", "2")
-export TRINO_COORDINATOR_JVM_HEAP := env("TRINO_COORDINATOR_JVM_HEAP", "4G")
-export TRINO_WORKER_MEMORY := env("TRINO_WORKER_MEMORY", "4Gi")
-export TRINO_WORKER_CPU := env("TRINO_WORKER_CPU", "2")
-export TRINO_WORKER_JVM_HEAP := env("TRINO_WORKER_JVM_HEAP", "4G")
+export TRINO_COORDINATOR_MEMORY_REQUEST := env("TRINO_COORDINATOR_MEMORY_REQUEST", "2Gi")
+export TRINO_COORDINATOR_MEMORY_LIMIT := env("TRINO_COORDINATOR_MEMORY_LIMIT", "8Gi")
+export TRINO_COORDINATOR_CPU_REQUEST := env("TRINO_COORDINATOR_CPU_REQUEST", "100m")
+export TRINO_COORDINATOR_CPU_LIMIT := env("TRINO_COORDINATOR_CPU_LIMIT", "4")
+export TRINO_COORDINATOR_JVM_HEAP := env("TRINO_COORDINATOR_JVM_HEAP", "6G")
+export TRINO_WORKER_MEMORY_REQUEST := env("TRINO_WORKER_MEMORY_REQUEST", "2Gi")
+export TRINO_WORKER_MEMORY_LIMIT := env("TRINO_WORKER_MEMORY_LIMIT", "8Gi")
+export TRINO_WORKER_CPU_REQUEST := env("TRINO_WORKER_CPU_REQUEST", "100m")
+export TRINO_WORKER_CPU_LIMIT := env("TRINO_WORKER_CPU_LIMIT", "4")
+export TRINO_WORKER_JVM_HEAP := env("TRINO_WORKER_JVM_HEAP", "6G")
 export TRINO_WORKER_COUNT := env("TRINO_WORKER_COUNT", "2")
 export TRINO_POSTGRES_ENABLED := env("TRINO_POSTGRES_ENABLED", "true")
 export TRINO_ICEBERG_ENABLED := env("TRINO_ICEBERG_ENABLED", "")
@@ -239,6 +243,10 @@ install:
     done
     echo "Installing Trino..."
     just create-namespace
+
+    kubectl label namespace ${TRINO_NAMESPACE} \
+        pod-security.kubernetes.io/enforce=restricted --overwrite
+
     just create-oauth-client
     just create-password-secret