From ec09ea403f58868579e675ef1d8415f9b0d8e305 Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Mon, 12 Jan 2026 01:08:45 +0900 Subject: [PATCH] PERF(security): optimize resources via VPA - authelia: CPU 15m/15m, memory 100Mi/144Mi - authelia-redis: CPU 22m/32m, memory 100Mi/100Mi - cert-manager: CPU 15m/15m, memory 100Mi/100Mi - cert-manager-cainjector: CPU 15m/15m, memory 126Mi/248Mi - cert-manager-webhook: CPU 15m/15m, memory 100Mi/100Mi - external-secrets: CPU 15m/15m, memory 100Mi/109Mi - external-secrets-cert-controller: CPU 15m/15m, memory 144Mi/297Mi - external-secrets-webhook: CPU 15m/15m, memory 100Mi/100Mi - falco: CPU 34m/53m, memory 93Mi/144Mi - falcosidekick: CPU 15m/15m, memory 100Mi/100Mi - vault: CPU 34m/53m, memory 126Mi/163Mi --- authelia/helm-values.yaml | 10 +++++++--- cert-manager/helm-values.yaml | 24 +++++++++++++++--------- external-secrets/helm-values.yaml | 25 +++++++++++++++---------- falco/helm-values.yaml | 12 +++++++----- vault/helm-values.yaml | 9 +++++---- 5 files changed, 49 insertions(+), 31 deletions(-) diff --git a/authelia/helm-values.yaml b/authelia/helm-values.yaml index 6510963..0438e28 100644 --- a/authelia/helm-values.yaml +++ b/authelia/helm-values.yaml @@ -8,12 +8,14 @@ ingress: # Pod configuration pod: kind: DaemonSet + # Resource settings (VPA lowerBound/target) resources: requests: cpu: 15m - memory: 194Mi + memory: 100Mi limits: - memory: 194Mi + cpu: 15m + memory: 144Mi extraVolumes: - name: users-database configMap: @@ -195,11 +197,13 @@ redis: image: tag: latest master: + # Resource settings (VPA lowerBound/upperBound) resources: requests: - cpu: 23m + cpu: 22m memory: 100Mi limits: + cpu: 32m memory: 100Mi # No persistence needed - using PostgreSQL diff --git a/cert-manager/helm-values.yaml b/cert-manager/helm-values.yaml index cf98a70..b0934f6 100644 --- a/cert-manager/helm-values.yaml +++ b/cert-manager/helm-values.yaml 
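Review bot: The new `limits.cpu: 15m` in the authelia `pod.resources` hunk caps the login path at roughly 1.5 ms of CPU per 100 ms CFS period, and because the limit equals the request there is no burst headroom. The `users-database` volume in the context suggests the file backend, where each password check is a deliberately expensive hash, so throttled logins may time out and lock users out of everything behind the proxy. The same `cpu: 15m` cap is added in the cert-manager, external-secrets and falcosidekick hunks; that includes both admission webhooks, whose calls are bounded by an API-server timeout. I would keep the lowered request but leave the CPU limit unset as before, or set it from the VPA upperBound with margin, and say so in the comment, e.g. `# requests = VPA lowerBound; no CPU limit so auth bursts are not throttled`.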
@@ -6,21 +6,25 @@ installCRDs: true replicaCount: 1 +# Resource settings (VPA lowerBound/upperBound) resources: requests: - cpu: 23m - memory: 115Mi + cpu: 15m + memory: 100Mi limits: - memory: 115Mi + cpu: 15m + memory: 100Mi webhook: replicaCount: 1 + # Resource settings (VPA lowerBound/upperBound) resources: requests: - cpu: 23m - memory: 115Mi + cpu: 15m + memory: 100Mi limits: - memory: 115Mi + cpu: 15m + memory: 100Mi # Affinity - Soft Anti-Affinity to spread pods across nodes affinity: podAntiAffinity: @@ -34,12 +38,14 @@ webhook: cainjector: replicaCount: 1 + # Resource settings (VPA lowerBound/target) resources: requests: - cpu: 23m - memory: 230Mi + cpu: 15m + memory: 126Mi limits: - memory: 230Mi + cpu: 15m + memory: 248Mi # Affinity - Soft Anti-Affinity to spread pods across nodes affinity: podAntiAffinity: diff --git a/external-secrets/helm-values.yaml b/external-secrets/helm-values.yaml index a2012a2..bd3a4a3 100644 --- a/external-secrets/helm-values.yaml +++ b/external-secrets/helm-values.yaml @@ -4,13 +4,14 @@ # Replica count replicaCount: 1 -# 리소스 제한 (20% increase from original) +# Resource settings (VPA lowerBound/target) resources: requests: - cpu: 5m - memory: 154Mi + cpu: 15m + memory: 100Mi limits: - memory: 154Mi + cpu: 15m + memory: 109Mi # 동시 실행 제한 concurrent: 3 @@ -25,12 +26,14 @@ installCRDs: false # Webhook 설정 webhook: replicaCount: 1 + # Resource settings (VPA lowerBound/upperBound) resources: requests: - cpu: 2m - memory: 154Mi + cpu: 15m + memory: 100Mi limits: - memory: 154Mi + cpu: 15m + memory: 100Mi # Affinity - Soft Anti-Affinity to spread pods across nodes affinity: podAntiAffinity: @@ -45,12 +48,14 @@ webhook: # CertController 설정 certController: replicaCount: 1 + # Resource settings (VPA lowerBound/target) resources: requests: - cpu: 2m - memory: 307Mi + cpu: 15m + memory: 144Mi limits: - memory: 307Mi + cpu: 15m + memory: 297Mi # Affinity - Soft Anti-Affinity to spread pods across nodes affinity: podAntiAffinity: 
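Review bot: In the first cert-manager hunk the controller and webhook memory limit drops from 115Mi to `100Mi` with request equal to limit, and the comment labels the pair as VPA lowerBound/upperBound. Identical bounds at exactly 15m/100Mi look like a clamped or floor recommendation rather than measured usage, though the VPA objects are not visible here. A controller that is OOM-killed may stall certificate renewal until it restarts, and the same risk applies to secret refresh in the external-secrets controller hunk (154Mi to `109Mi`). Consider keeping the previous memory limits until the recommendation has covered a renewal cycle, and record the observation window in the comment, e.g. `# VPA recommendation observed over <N days>; limits = upperBound`.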
diff --git a/falco/helm-values.yaml b/falco/helm-values.yaml index 3690e58..3e94776 100644 --- a/falco/helm-values.yaml +++ b/falco/helm-values.yaml @@ -12,14 +12,14 @@ image: repository: falcosecurity/falco tag: 0.40.0 -# Resource requests +# Resource settings (VPA lowerBound/target) resources: requests: - cpu: 49m - memory: 283Mi + cpu: 34m + memory: 93Mi limits: - cpu: null # Disable chart default (1 core) - memory: 283Mi + cpu: 53m + memory: 144Mi # Falco configuration falco: @@ -123,11 +123,13 @@ falcosidekick: fullfqdn: false replicaCount: 1 + # Resource settings (VPA lowerBound/upperBound) resources: requests: cpu: 15m memory: 100Mi limits: + cpu: 15m memory: 100Mi config: diff --git a/vault/helm-values.yaml b/vault/helm-values.yaml index 5dd0d0a..ace769f 100644 --- a/vault/helm-values.yaml +++ b/vault/helm-values.yaml @@ -43,13 +43,14 @@ server: # Extra args to use config from secret extraArgs: "-config=/vault/userconfig/extraconfig-from-values.hcl" - # 리소스 제한 + # Resource settings (VPA lowerBound/target) resources: requests: - cpu: 49m - memory: 175Mi + cpu: 34m + memory: 126Mi limits: - memory: 175Mi + cpu: 53m + memory: 163Mi # Ingress 설정 ingress:
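Review bot: The falco hunk replaces `cpu: null # Disable chart default (1 core)` with `cpu: 53m` and roughly halves the memory limit from 283Mi to `144Mi`, which matters more here than elsewhere because a throttled or OOM-killed Falco misses events rather than just running slowly. Under a syscall burst, which is when detection matters most, CPU throttling can make the agent fall behind and drop events, and a restart leaves the node unmonitored until the pod is back. The limits are labelled as the VPA target, so there is no margin above typical usage. I would keep `cpu: null`, set the memory limit from upperBound with margin, and alert on Falco's dropped-event counters and container restarts so that a too-tight limit becomes visible.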
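Review bot: The vault hunk adds `cpu: 53m` and lowers the memory limit from 175Mi to `163Mi`, and an OOM kill costs more for Vault than for a stateless pod. Unless auto-unseal is configured (not visible in this hunk), a restarted server comes back sealed, and anything reading secrets from it, presumably including external-secrets in this repo, stops refreshing until it is unsealed. A 53m CPU cap can also show up as client timeouts during bursts of token or lease operations. I would leave the CPU limit unset and keep memory at or above the old 175Mi, with a comment such as `# no CPU limit: throttling stalls secret reads; memory sized above VPA upperBound`. The `server:` block continues outside the hunk.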