K3S-HOME/security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PERF(security): remove CPU limits for stability

Browse Source 
- Remove CPU limits from authelia, cert-manager, external-secrets, falco, vault
- Prevents CPU throttling issues
This commit is contained in:
Mayne0213
2026-01-12 02:13:42 +09:00
parent e5ca2a3f36
commit ac4cd12c73
5 changed files with 10 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
authelia/helm-values.yaml
View File

@@ -8,13 +8,12 @@ ingress:
# Pod configuration # Pod configuration
pod: pod:
kind: DaemonSet kind: DaemonSet
# Resource settings (VPA lowerBound/target) # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 100Mi memory: 100Mi
limits: limits:
cpu: 15m
memory: 144Mi memory: 144Mi
extraVolumes: extraVolumes:
- name: users-database - name: users-database
@@ -197,13 +196,12 @@ redis:
image: image:
tag: latest tag: latest
master: master:
# Resource settings (VPA lowerBound/upperBound) # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 22m cpu: 22m
memory: 100Mi memory: 100Mi
limits: limits:
cpu: 32m
memory: 100Mi memory: 100Mi
# No persistence needed - using PostgreSQL # No persistence needed - using PostgreSQL

9
cert-manager/helm-values.yaml
View File

@@ -6,24 +6,22 @@ installCRDs: true
replicaCount: 1 replicaCount: 1
# Resource settings (VPA lowerBound/upperBound) # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 100Mi memory: 100Mi
limits: limits:
cpu: 15m
memory: 100Mi memory: 100Mi
webhook: webhook:
replicaCount: 1 replicaCount: 1
# Resource settings (VPA lowerBound/upperBound) # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 100Mi memory: 100Mi
limits: limits:
cpu: 15m
memory: 100Mi memory: 100Mi
# Affinity - Soft Anti-Affinity to spread pods across nodes # Affinity - Soft Anti-Affinity to spread pods across nodes
affinity: affinity:
@@ -38,13 +36,12 @@ webhook:
cainjector: cainjector:
replicaCount: 1 replicaCount: 1
# Resource settings (VPA lowerBound/target) # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 126Mi memory: 126Mi
limits: limits:
cpu: 15m
memory: 248Mi memory: 248Mi
# Affinity - Soft Anti-Affinity to spread pods across nodes # Affinity - Soft Anti-Affinity to spread pods across nodes
affinity: affinity:

9
external-secrets/helm-values.yaml
View File

@@ -4,13 +4,12 @@
# Replica count # Replica count
replicaCount: 1 replicaCount: 1
# Resource settings (VPA lowerBound/target) # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 100Mi memory: 100Mi
limits: limits:
cpu: 15m
memory: 109Mi memory: 109Mi
# 동시 실행 제한 # 동시 실행 제한
@@ -26,13 +25,12 @@ installCRDs: false
# Webhook 설정 # Webhook 설정
webhook: webhook:
replicaCount: 1 replicaCount: 1
# Resource settings (VPA lowerBound/upperBound) # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 100Mi memory: 100Mi
limits: limits:
cpu: 15m
memory: 100Mi memory: 100Mi
# Affinity - Soft Anti-Affinity to spread pods across nodes # Affinity - Soft Anti-Affinity to spread pods across nodes
affinity: affinity:
@@ -48,13 +46,12 @@ webhook:
# CertController 설정 # CertController 설정
certController: certController:
replicaCount: 1 replicaCount: 1
# Resource settings (VPA lowerBound/target) # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 144Mi memory: 144Mi
limits: limits:
cpu: 15m
memory: 297Mi memory: 297Mi
# Affinity - Soft Anti-Affinity to spread pods across nodes # Affinity - Soft Anti-Affinity to spread pods across nodes
affinity: affinity:

3
falco/helm-values.yaml
View File

@@ -122,13 +122,12 @@ falcosidekick:
fullfqdn: false fullfqdn: false
replicaCount: 1 replicaCount: 1
# Resource settings (VPA lowerBound/upperBound) # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 15m cpu: 15m
memory: 100Mi memory: 100Mi
limits: limits:
cpu: 15m
memory: 100Mi memory: 100Mi
config: config:

3
vault/helm-values.yaml
View File

@@ -43,13 +43,12 @@ server:
# Extra args to use config from secret # Extra args to use config from secret
extraArgs: "-config=/vault/userconfig/extraconfig-from-values.hcl" extraArgs: "-config=/vault/userconfig/extraconfig-from-values.hcl"
# Resource settings (VPA lowerBound/target) # Resource settings (no CPU limit for stability)
resources: resources:
requests: requests:
cpu: 34m cpu: 34m
memory: 126Mi memory: 126Mi
limits: limits:
cpu: 53m
memory: 163Mi memory: 163Mi
# Ingress 설정 # Ingress 설정