
Commit 2d17a9f

committed
fix: refactor and tune kyverno for HA
1 parent ed66920 commit 2d17a9f


2 files changed

+7
-8
lines changed


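--- a/applications/base/services/kyverno/default-ruleset/kustomization.yaml
+++ b/applications/base/services/kyverno/default-ruleset/kustomization.yaml
@@ -14,7 +14,6 @@ resources:
 - "disallow-selinux.yaml"
 - "require-run-as-non-root-user.yaml"
 - "require-run-as-nonroot.yaml"
-- "require-run-as-nonroot.yaml"
 - "restrict-apparmor-profiles.yaml"
 - "restrict-seccomp-strict.yaml"
 - "restrict-seccomp.yaml"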

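--- a/applications/base/services/kyverno/policy-engine/helm-values/hardened-values-3.6.0.yaml
+++ b/applications/base/services/kyverno/policy-engine/helm-values/hardened-values-3.6.0.yaml
@@ -774,10 +774,10 @@ features:
 admissionController:
 autoscaling:
 # -- Enable horizontal pod autoscaling
-enabled: false
+enabled: true
 
 # -- Minimum number of pods
-minReplicas: 1
+minReplicas: 3
 
 # -- Maximum number of pods
 maxReplicas: 10
@@ -995,10 +995,10 @@ admissionController:
 podDisruptionBudget:
 # -- Enable PodDisruptionBudget.
 # Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking.
-enabled: false
+enabled: true
 # -- Configures the minimum available pods for disruptions.
 # Cannot be used if `maxUnavailable` is set.
-minAvailable: 1
+minAvailable: 2
 # -- Configures the maximum unavailable pods for disruptions.
 # Cannot be used if `minAvailable` is set.
 maxUnavailable:
@@ -1450,7 +1450,7 @@ backgroundController:
 podDisruptionBudget:
 # -- Enable PodDisruptionBudget.
 # Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking.
-enabled: false
+enabled: true
 # -- Configures the minimum available pods for disruptions.
 # Cannot be used if `maxUnavailable` is set.
 minAvailable: 1
@@ -1781,7 +1781,7 @@ cleanupController:
 podDisruptionBudget:
 # -- Enable PodDisruptionBudget.
 # Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking.
-enabled: false
+enabled: true
 # -- Configures the minimum available pods for disruptions.
 # Cannot be used if `maxUnavailable` is set.
 minAvailable: 1
@@ -2083,7 +2083,7 @@ reportsController:
 podDisruptionBudget:
 # -- Enable PodDisruptionBudget.
 # Will always be enabled if replicas > 1. This non-declarative behavior should ideally be avoided, but changing it now would be breaking.
-enabled: false
+enabled: true
 # -- Configures the minimum available pods for disruptions.
 # Cannot be used if `maxUnavailable` is set.
 minAvailable: 1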
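Review bot: The PodDisruptionBudgets switched on for backgroundController, cleanupController and reportsController keep `minAvailable: 1`, while the replica counts for those three controllers are outside these hunks and do not appear to be changed by this commit. If any of them still runs a single replica, its budget allows zero voluntary evictions, so a node drain for kernel or kubelet patching would block on that pod until someone deletes it by hand. Either raise those controllers to at least two replicas in the same change, or clear `minAvailable` and set `maxUnavailable: 1` in each of the three blocks. The admissionController values (`minReplicas: 3` with `minAvailable: 2`) are consistent with each other. A short comment next to them explaining that the webhook must stay reachable for policy enforcement would help the next editor avoid lowering them.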
