PERF(security): optimize resources via VPA

- authelia: CPU 15m/15m, memory 100Mi/144Mi
- authelia-redis: CPU 22m/32m, memory 100Mi/100Mi
- cert-manager: CPU 15m/15m, memory 100Mi/100Mi
- cert-manager-cainjector: CPU 15m/15m, memory 126Mi/248Mi
- cert-manager-webhook: CPU 15m/15m, memory 100Mi/100Mi
- external-secrets: CPU 15m/15m, memory 100Mi/109Mi
- external-secrets-cert-controller: CPU 15m/15m, memory 144Mi/297Mi
- external-secrets-webhook: CPU 15m/15m, memory 100Mi/100Mi
- falco: CPU 34m/53m, memory 93Mi/144Mi
- falcosidekick: CPU 15m/15m, memory 100Mi/100Mi
- vault: CPU 34m/53m, memory 126Mi/163Mi

authelia/helm-values.yaml

@@ -8,12 +8,14 @@ ingress:
 # Pod configuration
 pod:
   kind: DaemonSet
+  # Resource settings (VPA lowerBound/target)
   resources:
     requests:
       cpu: 15m
-      memory: 194Mi
+      memory: 100Mi
     limits:
-      memory: 194Mi
+      cpu: 15m
+      memory: 144Mi
   extraVolumes:
     - name: users-database
       configMap:
@@ -195,11 +197,13 @@ redis:
   image:
     tag: latest
   master:
+    # Resource settings (VPA lowerBound/upperBound)
     resources:
       requests:
-        cpu: 23m
+        cpu: 22m
         memory: 100Mi
       limits:
+        cpu: 32m
         memory: 100Mi
 
 # No persistence needed - using PostgreSQL

cert-manager/helm-values.yaml

@@ -6,21 +6,25 @@ installCRDs: true
 
 replicaCount: 1
 
+# Resource settings (VPA lowerBound/upperBound)
 resources:
   requests:
-    cpu: 23m
-    memory: 115Mi
+    cpu: 15m
+    memory: 100Mi
   limits:
-    memory: 115Mi
+    cpu: 15m
+    memory: 100Mi
 
 webhook:
   replicaCount: 1
+  # Resource settings (VPA lowerBound/upperBound)
   resources:
     requests:
-      cpu: 23m
-      memory: 115Mi
+      cpu: 15m
+      memory: 100Mi
     limits:
-      memory: 115Mi
+      cpu: 15m
+      memory: 100Mi
   # Affinity - Soft Anti-Affinity to spread pods across nodes
   affinity:
     podAntiAffinity:
@@ -34,12 +38,14 @@ webhook:
 
 cainjector:
   replicaCount: 1
+  # Resource settings (VPA lowerBound/target)
   resources:
     requests:
-      cpu: 23m
-      memory: 230Mi
+      cpu: 15m
+      memory: 126Mi
     limits:
-      memory: 230Mi
+      cpu: 15m
+      memory: 248Mi
   # Affinity - Soft Anti-Affinity to spread pods across nodes
   affinity:
     podAntiAffinity:

external-secrets/helm-values.yaml

@@ -4,13 +4,14 @@
 # Replica count
 replicaCount: 1
 
-# 리소스 제한 (20% increase from original)
+# Resource settings (VPA lowerBound/target)
 resources:
   requests:
-    cpu: 5m
-    memory: 154Mi
+    cpu: 15m
+    memory: 100Mi
   limits:
-    memory: 154Mi
+    cpu: 15m
+    memory: 109Mi
 
 # 동시 실행 제한
 concurrent: 3
@@ -25,12 +26,14 @@ installCRDs: false
 # Webhook 설정
 webhook:
   replicaCount: 1
+  # Resource settings (VPA lowerBound/upperBound)
   resources:
     requests:
-      cpu: 2m
-      memory: 154Mi
+      cpu: 15m
+      memory: 100Mi
     limits:
-      memory: 154Mi
+      cpu: 15m
+      memory: 100Mi
   # Affinity - Soft Anti-Affinity to spread pods across nodes
   affinity:
     podAntiAffinity:
@@ -45,12 +48,14 @@ webhook:
 # CertController 설정
 certController:
   replicaCount: 1
+  # Resource settings (VPA lowerBound/target)
   resources:
     requests:
-      cpu: 2m
-      memory: 307Mi
+      cpu: 15m
+      memory: 144Mi
     limits:
-      memory: 307Mi
+      cpu: 15m
+      memory: 297Mi
   # Affinity - Soft Anti-Affinity to spread pods across nodes
   affinity:
     podAntiAffinity:

falco/helm-values.yaml

@@ -12,14 +12,14 @@ image:
   repository: falcosecurity/falco
   tag: 0.40.0
 
-# Resource requests
+# Resource settings (VPA lowerBound/target)
 resources:
   requests:
-    cpu: 49m
-    memory: 283Mi
+    cpu: 34m
+    memory: 93Mi
   limits:
-    cpu: null  # Disable chart default (1 core)
-    memory: 283Mi
+    cpu: 53m
+    memory: 144Mi
 
 # Falco configuration
 falco:
@@ -123,11 +123,13 @@ falcosidekick:
   fullfqdn: false
   replicaCount: 1
 
+  # Resource settings (VPA lowerBound/upperBound)
   resources:
     requests:
       cpu: 15m
       memory: 100Mi
     limits:
+      cpu: 15m
       memory: 100Mi
 
   config:

vault/helm-values.yaml

@@ -43,13 +43,14 @@ server:
   # Extra args to use config from secret
   extraArgs: "-config=/vault/userconfig/extraconfig-from-values.hcl"
 
-  # 리소스 제한
+  # Resource settings (VPA lowerBound/target)
   resources:
     requests:
-      cpu: 49m
-      memory: 175Mi
+      cpu: 34m
+      memory: 126Mi
     limits:
-      memory: 175Mi
+      cpu: 53m
+      memory: 163Mi
 
   # Ingress 설정
   ingress: