security/external-secrets/helm-values.yaml

# External Secrets Operator Helm Values
# Chart: https://github.com/external-secrets/external-secrets

# Replica count
replicaCount: 1

# Resource settings (VPA lowerBound/target)
resources:
  requests:
    cpu: 15m
    memory: 100Mi
  limits:
    cpu: 15m
    memory: 109Mi

# 동시 실행 제한
concurrent: 3

# 로그 레벨
logLevel: info

# CRD 자동 설치 비활성화 (annotation 크기 제한 문제 회피)
# CRD는 이미 설치되어 있으며, 업그레이드 시 수동으로 적용 필요
installCRDs: false

# Webhook 설정
webhook:
  replicaCount: 1
  # Resource settings (VPA lowerBound/upperBound)
  resources:
    requests:
      cpu: 15m
      memory: 100Mi
    limits:
      cpu: 15m
      memory: 100Mi
  # Affinity - Soft Anti-Affinity to spread pods across nodes
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchLabels:
                app.kubernetes.io/name: external-secrets-webhook
            topologyKey: kubernetes.io/hostname

# CertController 설정
certController:
  replicaCount: 1
  # Resource settings (VPA lowerBound/target)
  resources:
    requests:
      cpu: 15m
      memory: 144Mi
    limits:
      cpu: 15m
      memory: 297Mi
  # Affinity - Soft Anti-Affinity to spread pods across nodes
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchLabels:
                app.kubernetes.io/name: external-secrets-cert-controller
            topologyKey: kubernetes.io/hostname

# Affinity - Soft Anti-Affinity to spread pods across nodes
affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: external-secrets
          topologyKey: kubernetes.io/hostname