K3S-HOME/security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
132 Commits 1 Branch 0 Tags
c24313154d286d7a8652f8c993636eb22500e8ab
Commit Graph

6 Commits

Author SHA1 Message Date
Mayne0213
c24313154d FIX(security): remove CPU limits from falco and trivy 
- falco: set cpu: null to disable chart default (1 core)
- trivy: set cpu: null for operator and scan jobs (500m default)
 2026-01-08 00:33:13 +09:00
Mayne0213
31007c5586 PERF(resources): remove CPU limits - keep memory limits only 
- CPU throttling prevents app startup, not crashes
- Memory OOM is the real cascading failure cause
- CPU request ensures fair scheduling
 2026-01-07 23:48:43 +09:00
Mayne0213
1cd89f6bae REFACTOR(falco): remove CPU limit 
- Set cpu: null to override chart default (1 core)
- Prevents CPU throttling under high load
 2026-01-05 00:40:26 +09:00
Mayne0213
bce1bdf12b FIX(trivy): fix Trivy resource limits 
- Operator: add 512Mi memory limit
- Scan jobs: increase memory limit 500M -> 768Mi
- Reduce concurrent scan jobs 3 -> 2
 2026-01-05 00:40:26 +09:00
Mayne0213
589b98a875 REFACTOR(trivy): remove Trivy scan job CPU limit 
- Remove CPU limit to prevent throttling
- Optimize scan job performance
 2026-01-05 00:40:26 +09:00
Mayne0213
8da74949b8 FEAT(trivy): add trivy operator 
- for container vulnerability scanning
- Add Trivy Operator Helm chart (v0.31.0)
- Configure ServiceMonitor for Prometheus integration
- Enable vulnerability, config audit, and RBAC scanners
- Use Longhorn storage class for Trivy DB
- Exclude kube-system namespaces from scanning
 2026-01-04 23:41:39 +09:00