From aab9a3ab4e83a0feeffce30d865be8945acf0ef0 Mon Sep 17 00:00:00 2001
From: em <eugen.mayer@kontextwork.de>
Date: Wed, 8 Jan 2025 14:28:36 +0100
Subject: [PATCH] lower resources

---
 charts/vulnz-nvd-mirror/CHANGELOG.md |  4 ++++
 charts/vulnz-nvd-mirror/Chart.yaml   |  2 +-
 charts/vulnz-nvd-mirror/values.yaml  | 27 ++++++++++++++-------------
 3 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/charts/vulnz-nvd-mirror/CHANGELOG.md b/charts/vulnz-nvd-mirror/CHANGELOG.md
index 7afad56..91c2533 100644
--- a/charts/vulnz-nvd-mirror/CHANGELOG.md
+++ b/charts/vulnz-nvd-mirror/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## 0.4.5
 
+- Lower max-per-page to 500 to ensure resources are not exhausted
+
+## 0.4.5
+
 - Add kill signal capability to the container so supervisor can handle the shutdown gracefully
 - Higher memory limit for the container
 
diff --git a/charts/vulnz-nvd-mirror/Chart.yaml b/charts/vulnz-nvd-mirror/Chart.yaml
index b01960e..60777b9 100644
--- a/charts/vulnz-nvd-mirror/Chart.yaml
+++ b/charts/vulnz-nvd-mirror/Chart.yaml
@@ -1,7 +1,7 @@
 kubeVersion: ">=1.24.0-0"
 apiVersion: v2
 name: vulnz-nvd-mirror
-version: 0.4.5
+version: 0.4.6
 appVersion: 7.1.0
 description: NVD api mirror and cache
 home: https://github.com/EugenMayer/helm-charts/tree/main/charts/vulnz-nvd-mirror
diff --git a/charts/vulnz-nvd-mirror/values.yaml b/charts/vulnz-nvd-mirror/values.yaml
index 1a36459..dd3870e 100644
--- a/charts/vulnz-nvd-mirror/values.yaml
+++ b/charts/vulnz-nvd-mirror/values.yaml
@@ -17,6 +17,7 @@ securityContext:
     readOnlyRootFilesystem: false
     capabilities:
       add:
+        # needed for supervisord to properly kill / handle sigterms
         - KILL
   pod:
     fsGroup: 101
@@ -52,7 +53,6 @@ workload:
                 initialDelaySeconds: 15
                 periodSeconds: 5
                 failureThreshold: 2
-
           resources:
             limits:
               # needed since vulnz is rather memory hungry and will crash with less
@@ -60,18 +60,19 @@ workload:
           env:
             # we need to override the default, see https://github.com/jeremylong/Open-Vulnerability-Project/issues/245
             # leave some for the apache process
-            JAVA_OPT: -XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=95.0
-        #   # set this to preseed your API key. the expected structure is
-        #   NVD_API_KEY:
-        #     secretKeyRef:
-        #       name: nvd-api-key
-        #       key: password
-        #   # amount of retries
-        #   MAX_RETRY: 10
-        #   # fetch max record pre page - cannot be higher then 2000 by API limits
-        #   MAX_RECORDS_PER_PAGE: 2000
-        #   # show debug logs
-        #   DEBUG: true
+            JAVA_OPT: -XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=90.0
+            # starting from 7.1.0 even 5Gi is not enough to handle 2000 records per page
+            ## fetch max record pre page - cannot be higher then 2000 by API limits
+            MAX_RECORDS_PER_PAGE: 500
+            ## set this to preseed your API key. the expected structure is
+            #NVD_API_KEY:
+            #  secretKeyRef:
+            #    name: nvd-api-key
+            #    key: password
+            ## amount of retries
+            #MAX_RETRY: 10
+            ## show debug logs
+            #DEBUG: true
 
 ingress:
   main: