FIX(authelia): move affinity to top level

- Move affinity from pod.affinity to top-level affinity - Fix Helm chart schema validation error - Maintain soft anti-affinity configuration FIX(security): remove unsupported affinity from authelia - Remove affinity from authelia (chart schema limitation) - Fix external-secrets duplicate webhook/certController sections - Merge affinity into respective component sections - Authelia chart does not support affinity in values.yaml
2026-01-08 13:09:02 +09:00
parent cbf00275e8
commit 66d845140e
2 changed files with 36 additions and 22 deletions
--- a/external-secrets/helm-values.yaml
+++ b/external-secrets/helm-values.yaml
@@ -45,18 +45,17 @@ logLevel: info
 # CRD는 이미 설치되어 있으며, 업그레이드 시 수동으로 적용 필요
 installCRDs: false

-# Affinity - Soft Anti-Affinity to spread pods across nodes
-affinity:
-  podAntiAffinity:
-    preferredDuringSchedulingIgnoredDuringExecution:
-      - weight: 100
-        podAffinityTerm:
-          labelSelector:
-            matchLabels:
-              app.kubernetes.io/name: external-secrets
-          topologyKey: kubernetes.io/hostname
-
+# Webhook 설정
 webhook:
+  replicaCount: 2
+  resources:
+    requests:
+      cpu: 2m  # Reduced from 10m based on actual usage (1m)
+      memory: 32Mi
+    limits:
+      # cpu: removed to prevent throttling
+      memory: 128Mi
+  # Affinity - Soft Anti-Affinity to spread pods across nodes
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
@@ -67,7 +66,17 @@ webhook:
                app.kubernetes.io/name: external-secrets-webhook
            topologyKey: kubernetes.io/hostname

+# CertController 설정
 certController:
+  replicaCount: 2
+  resources:
+    requests:
+      cpu: 2m  # Reduced from 10m based on actual usage (1m)
+      memory: 32Mi
+    limits:
+      # cpu: removed to prevent throttling
+      memory: 128Mi
+  # Affinity - Soft Anti-Affinity to spread pods across nodes
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
@@ -77,3 +86,14 @@ certController:
              matchLabels:
                app.kubernetes.io/name: external-secrets-cert-controller
            topologyKey: kubernetes.io/hostname
+
+# Affinity - Soft Anti-Affinity to spread pods across nodes
+affinity:
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: external-secrets
+          topologyKey: kubernetes.io/hostname