From ac4cd12c7351f9b2e32dffa3f3e07c2ac3835607 Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Mon, 12 Jan 2026 02:13:42 +0900 Subject: [PATCH] PERF(security): remove CPU limits for stability - Remove CPU limits from authelia, cert-manager, external-secrets, falco, vault - Prevents CPU throttling issues --- authelia/helm-values.yaml | 6 ++---- cert-manager/helm-values.yaml | 9 +++------ external-secrets/helm-values.yaml | 9 +++------ falco/helm-values.yaml | 3 +-- vault/helm-values.yaml | 3 +-- 5 files changed, 10 insertions(+), 20 deletions(-) diff --git a/authelia/helm-values.yaml b/authelia/helm-values.yaml index 0438e28..11a4e4e 100644 --- a/authelia/helm-values.yaml +++ b/authelia/helm-values.yaml @@ -8,13 +8,12 @@ ingress: # Pod configuration pod: kind: DaemonSet - # Resource settings (VPA lowerBound/target) + # Resource settings (no CPU limit for stability) resources: requests: cpu: 15m memory: 100Mi limits: - cpu: 15m memory: 144Mi extraVolumes: - name: users-database @@ -197,13 +196,12 @@ redis: image: tag: latest master: - # Resource settings (VPA lowerBound/upperBound) + # Resource settings (no CPU limit for stability) resources: requests: cpu: 22m memory: 100Mi limits: - cpu: 32m memory: 100Mi # No persistence needed - using PostgreSQL diff --git a/cert-manager/helm-values.yaml b/cert-manager/helm-values.yaml index b0934f6..e847d40 100644 --- a/cert-manager/helm-values.yaml +++ b/cert-manager/helm-values.yaml @@ -6,24 +6,22 @@ installCRDs: true replicaCount: 1 -# Resource settings (VPA lowerBound/upperBound) +# Resource settings (no CPU limit for stability) resources: requests: cpu: 15m memory: 100Mi limits: - cpu: 15m memory: 100Mi webhook: replicaCount: 1 - # Resource settings (VPA lowerBound/upperBound) + # Resource settings (no CPU limit for stability) resources: requests: cpu: 15m memory: 100Mi limits: - cpu: 15m memory: 100Mi # Affinity - Soft Anti-Affinity to spread pods across nodes affinity: @@ -38,13 +36,12 @@ webhook: cainjector: replicaCount: 1 - # Resource settings (VPA lowerBound/target) + # Resource settings (no CPU limit for stability) resources: requests: cpu: 15m memory: 126Mi limits: - cpu: 15m memory: 248Mi # Affinity - Soft Anti-Affinity to spread pods across nodes affinity: diff --git a/external-secrets/helm-values.yaml b/external-secrets/helm-values.yaml index bd3a4a3..f6f8518 100644 --- a/external-secrets/helm-values.yaml +++ b/external-secrets/helm-values.yaml @@ -4,13 +4,12 @@ # Replica count replicaCount: 1 -# Resource settings (VPA lowerBound/target) +# Resource settings (no CPU limit for stability) resources: requests: cpu: 15m memory: 100Mi limits: - cpu: 15m memory: 109Mi # 동시 실행 제한 @@ -26,13 +25,12 @@ installCRDs: false # Webhook 설정 webhook: replicaCount: 1 - # Resource settings (VPA lowerBound/upperBound) + # Resource settings (no CPU limit for stability) resources: requests: cpu: 15m memory: 100Mi limits: - cpu: 15m memory: 100Mi # Affinity - Soft Anti-Affinity to spread pods across nodes affinity: @@ -48,13 +46,12 @@ webhook: # CertController 설정 certController: replicaCount: 1 - # Resource settings (VPA lowerBound/target) + # Resource settings (no CPU limit for stability) resources: requests: cpu: 15m memory: 144Mi limits: - cpu: 15m memory: 297Mi # Affinity - Soft Anti-Affinity to spread pods across nodes affinity: diff --git a/falco/helm-values.yaml b/falco/helm-values.yaml index a52903c..1793834 100644 --- a/falco/helm-values.yaml +++ b/falco/helm-values.yaml @@ -122,13 +122,12 @@ falcosidekick: fullfqdn: false replicaCount: 1 - # Resource settings (VPA lowerBound/upperBound) + # Resource settings (no CPU limit for stability) resources: requests: cpu: 15m memory: 100Mi limits: - cpu: 15m memory: 100Mi config: diff --git a/vault/helm-values.yaml b/vault/helm-values.yaml index ace769f..a2abdb6 100644 --- a/vault/helm-values.yaml +++ b/vault/helm-values.yaml @@ -43,13 +43,12 @@ server: # Extra args to use config from secret extraArgs: "-config=/vault/userconfig/extraconfig-from-values.hcl" - # Resource settings (VPA lowerBound/target) + # Resource settings (no CPU limit for stability) resources: requests: cpu: 34m memory: 126Mi limits: - cpu: 53m memory: 163Mi # Ingress 설정