security/external-secrets/helm-values.yaml

# External Secrets Operator Helm Values
# Chart: https://github.com/external-secrets/external-secrets

# Replica count
replicaCount: 2

# 리소스 제한
resources:
  requests:
    cpu: 5m  # Reduced from 20m based on actual usage (1m)
    memory: 64Mi
  limits:
    # cpu: removed to prevent throttling
    memory: 256Mi

# Webhook 설정
webhook:
  replicaCount: 2
  resources:
    requests:
      cpu: 2m  # Reduced from 10m based on actual usage (1m)
      memory: 32Mi
    limits:
      # cpu: removed to prevent throttling
      memory: 128Mi

# CertController 설정
certController:
  replicaCount: 2
  resources:
    requests:
      cpu: 2m  # Reduced from 10m based on actual usage (1m)
      memory: 32Mi
    limits:
      # cpu: removed to prevent throttling
      memory: 128Mi

# 동시 실행 제한
concurrent: 3

# 로그 레벨
logLevel: info

# CRD 자동 설치 비활성화 (annotation 크기 제한 문제 회피)
# CRD는 이미 설치되어 있으며, 업그레이드 시 수동으로 적용 필요
installCRDs: false

# Affinity - Soft Anti-Affinity to spread pods across nodes
affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: external-secrets
          topologyKey: kubernetes.io/hostname

webhook:
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchLabels:
                app.kubernetes.io/name: external-secrets-webhook
            topologyKey: kubernetes.io/hostname

certController:
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchLabels:
                app.kubernetes.io/name: external-secrets-cert-controller
            topologyKey: kubernetes.io/hostname