From 5acc1c7f9e89c66d7a793be642a44e4c32c2f820 Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Sat, 10 Jan 2026 14:32:33 +0900 Subject: [PATCH] PERF(security): adjust resources based on VPA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update authelia memory 256Mi→194Mi - Update authelia redis cpu 10m→23m, memory 64Mi→100Mi - Update falco memory 263Mi→283Mi - Update falcosidekick cpu 10m→15m, memory 128Mi→100Mi - Update external-secrets operator cpu 5m→15m, memory 128Mi→100Mi - Update external-secrets webhook cpu 2m→15m, memory 128Mi→100Mi - Update external-secrets certController cpu 2m→15m, memory 256Mi→283Mi - Update vault cpu 35m→49m, memory 263Mi→175Mi --- authelia/helm-values.yaml | 10 +++++----- external-secrets/helm-values.yaml | 21 +++++++++------------ falco/helm-values.yaml | 10 +++++----- vault/helm-values.yaml | 6 +++--- 4 files changed, 22 insertions(+), 25 deletions(-) diff --git a/authelia/helm-values.yaml b/authelia/helm-values.yaml index 1d3791a..e63a606 100644 --- a/authelia/helm-values.yaml +++ b/authelia/helm-values.yaml @@ -15,9 +15,9 @@ pod: resources: requests: cpu: 15m - memory: 256Mi + memory: 194Mi limits: - memory: 256Mi + memory: 194Mi extraVolumes: - name: users-database configMap: @@ -201,9 +201,9 @@ redis: master: resources: requests: - cpu: 10m - memory: 64Mi + cpu: 23m + memory: 100Mi limits: - memory: 64Mi + memory: 100Mi # No persistence needed - using PostgreSQL diff --git a/external-secrets/helm-values.yaml b/external-secrets/helm-values.yaml index a42c2ca..f69bd39 100644 --- a/external-secrets/helm-values.yaml +++ b/external-secrets/helm-values.yaml @@ -7,11 +7,10 @@ replicaCount: 1 # 리소스 제한 resources: requests: - cpu: 5m # Reduced from 20m based on actual usage (1m) - memory: 128Mi + cpu: 15m + memory: 100Mi limits: - # cpu: removed to prevent throttling - memory: 128Mi + memory: 100Mi # 동시 실행 제한 concurrent: 3 @@ -28,11 +27,10 @@ webhook: replicaCount: 1 resources: requests: - cpu: 2m # Reduced from 10m based on actual usage (1m) - memory: 128Mi + cpu: 15m + memory: 100Mi limits: - # cpu: removed to prevent throttling - memory: 128Mi + memory: 100Mi # Affinity - Soft Anti-Affinity to spread pods across nodes affinity: podAntiAffinity: @@ -49,11 +47,10 @@ certController: replicaCount: 1 resources: requests: - cpu: 2m # Reduced from 10m based on actual usage (1m) - memory: 256Mi + cpu: 15m + memory: 283Mi limits: - # cpu: removed to prevent throttling - memory: 256Mi + memory: 283Mi # Affinity - Soft Anti-Affinity to spread pods across nodes affinity: podAntiAffinity: diff --git a/falco/helm-values.yaml b/falco/helm-values.yaml index 670f42f..d32c8e0 100644 --- a/falco/helm-values.yaml +++ b/falco/helm-values.yaml @@ -16,10 +16,10 @@ image: resources: requests: cpu: 49m - memory: 263Mi + memory: 283Mi limits: cpu: null # Disable chart default (1 core) - memory: 263Mi + memory: 283Mi # Falco configuration falco: @@ -125,10 +125,10 @@ falcosidekick: resources: requests: - cpu: 10m - memory: 128Mi + cpu: 15m + memory: 100Mi limits: - memory: 128Mi + memory: 100Mi config: # Output to stdout/logs diff --git a/vault/helm-values.yaml b/vault/helm-values.yaml index 11426ec..aebc82a 100644 --- a/vault/helm-values.yaml +++ b/vault/helm-values.yaml @@ -46,10 +46,10 @@ server: # 리소스 제한 resources: requests: - cpu: 35m - memory: 263Mi + cpu: 49m + memory: 175Mi limits: - memory: 263Mi + memory: 175Mi # Ingress 설정 ingress: