PERF(security): optimize resources via VPA

- authelia: CPU 15m/15m, memory 100Mi/144Mi - authelia-redis: CPU 22m/32m, memory 100Mi/100Mi - cert-manager: CPU 15m/15m, memory 100Mi/100Mi - cert-manager-cainjector: CPU 15m/15m, memory 126Mi/248Mi - cert-manager-webhook: CPU 15m/15m, memory 100Mi/100Mi - external-secrets: CPU 15m/15m, memory 100Mi/109Mi - external-secrets-cert-controller: CPU 15m/15m, memory 144Mi/297Mi - external-secrets-webhook: CPU 15m/15m, memory 100Mi/100Mi - falco: CPU 34m/53m, memory 93Mi/144Mi - falcosidekick: CPU 15m/15m, memory 100Mi/100Mi - vault: CPU 34m/53m, memory 126Mi/163Mi
2026-01-12 01:08:45 +09:00
parent 2cfcc586be
commit ec09ea403f
5 changed files with 49 additions and 31 deletions
--- a/authelia/helm-values.yaml
+++ b/authelia/helm-values.yaml
@@ -8,12 +8,14 @@ ingress:
 # Pod configuration
 pod:
  kind: DaemonSet
  # Resource settings (VPA lowerBound/target)
  resources:
    requests:
      cpu: 15m
-      memory: 194Mi
+      memory: 100Mi
    limits:
-      memory: 194Mi
+      cpu: 15m
      memory: 144Mi
  extraVolumes:
    - name: users-database
      configMap:
@@ -195,11 +197,13 @@ redis:
  image:
    tag: latest
  master:
    # Resource settings (VPA lowerBound/upperBound)
    resources:
      requests:
-        cpu: 23m
+        cpu: 22m
        memory: 100Mi
      limits:
        cpu: 32m
        memory: 100Mi
 # No persistence needed - using PostgreSQL
--- a/cert-manager/helm-values.yaml
+++ b/cert-manager/helm-values.yaml
@@ -6,21 +6,25 @@ installCRDs: true
 replicaCount: 1
 # Resource settings (VPA lowerBound/upperBound)
 resources:
  requests:
-    cpu: 23m
+    cpu: 15m
-    memory: 115Mi
+    memory: 100Mi
  limits:
-    memory: 115Mi
+    cpu: 15m
    memory: 100Mi
 webhook:
  replicaCount: 1
  # Resource settings (VPA lowerBound/upperBound)
  resources:
    requests:
-      cpu: 23m
+      cpu: 15m
-      memory: 115Mi
+      memory: 100Mi
    limits:
-      memory: 115Mi
+      cpu: 15m
      memory: 100Mi
  # Affinity - Soft Anti-Affinity to spread pods across nodes
  affinity:
    podAntiAffinity:
@@ -34,12 +38,14 @@ webhook:
 cainjector:
  replicaCount: 1
  # Resource settings (VPA lowerBound/target)
  resources:
    requests:
-      cpu: 23m
+      cpu: 15m
-      memory: 230Mi
+      memory: 126Mi
    limits:
-      memory: 230Mi
+      cpu: 15m
      memory: 248Mi
  # Affinity - Soft Anti-Affinity to spread pods across nodes
  affinity:
    podAntiAffinity:
--- a/external-secrets/helm-values.yaml
+++ b/external-secrets/helm-values.yaml
@@ -4,13 +4,14 @@
 # Replica count
 replicaCount: 1
-# 리소스 제한 (20% increase from original)
+# Resource settings (VPA lowerBound/target)
 resources:
  requests:
-    cpu: 5m
+    cpu: 15m
-    memory: 154Mi
+    memory: 100Mi
  limits:
-    memory: 154Mi
+    cpu: 15m
    memory: 109Mi
 # 동시 실행 제한
 concurrent: 3
@@ -25,12 +26,14 @@ installCRDs: false
 # Webhook 설정
 webhook:
  replicaCount: 1
  # Resource settings (VPA lowerBound/upperBound)
  resources:
    requests:
-      cpu: 2m
+      cpu: 15m
-      memory: 154Mi
+      memory: 100Mi
    limits:
-      memory: 154Mi
+      cpu: 15m
      memory: 100Mi
  # Affinity - Soft Anti-Affinity to spread pods across nodes
  affinity:
    podAntiAffinity:
@@ -45,12 +48,14 @@ webhook:
 # CertController 설정
 certController:
  replicaCount: 1
  # Resource settings (VPA lowerBound/target)
  resources:
    requests:
-      cpu: 2m
+      cpu: 15m
-      memory: 307Mi
+      memory: 144Mi
    limits:
-      memory: 307Mi
+      cpu: 15m
      memory: 297Mi
  # Affinity - Soft Anti-Affinity to spread pods across nodes
  affinity:
    podAntiAffinity:
--- a/falco/helm-values.yaml
+++ b/falco/helm-values.yaml
@@ -12,14 +12,14 @@ image:
  repository: falcosecurity/falco
  tag: 0.40.0
-# Resource requests
+# Resource settings (VPA lowerBound/target)
 resources:
  requests:
-    cpu: 49m
+    cpu: 34m
-    memory: 283Mi
+    memory: 93Mi
  limits:
-    cpu: null  # Disable chart default (1 core)
+    cpu: 53m
-    memory: 283Mi
+    memory: 144Mi
 # Falco configuration
 falco:
@@ -123,11 +123,13 @@ falcosidekick:
  fullfqdn: false
  replicaCount: 1
  # Resource settings (VPA lowerBound/upperBound)
  resources:
    requests:
      cpu: 15m
      memory: 100Mi
    limits:
      cpu: 15m
      memory: 100Mi
  config:
--- a/vault/helm-values.yaml
+++ b/vault/helm-values.yaml
@@ -43,13 +43,14 @@ server:
  # Extra args to use config from secret
  extraArgs: "-config=/vault/userconfig/extraconfig-from-values.hcl"
-  # 리소스 제한
+  # Resource settings (VPA lowerBound/target)
  resources:
    requests:
-      cpu: 49m
+      cpu: 34m
-      memory: 175Mi
+      memory: 126Mi
    limits:
-      memory: 175Mi
+      cpu: 53m
      memory: 163Mi
  # Ingress 설정
  ingress: