Enhance Kyverno configuration in values.yaml by adding support for two replicas and enabling API priority and fairness. This update aims to improve resilience during rolling restarts and manage API traffic more effectively under load.

clusters/noble/apps/kyverno/values.yaml

@@ -10,7 +10,12 @@
 #
 # Raise Kubernetes client QPS/burst so under API/etcd load Kyverno does not hit
 # "client rate limiter Wait" / flaky kyverno-health lease (defaults are very low).
+# Two replicas: webhook Service keeps endpoints during rolling restarts (avoids
+# apiserver "connection refused" to kyverno-svc:443 while a single pod cycles).
 admissionController:
+  replicas: 2
+  # Insulate Kyverno API traffic via APF (helps when etcd/apiserver are busy).
+  apiPriorityAndFairness: true
   container:
     extraArgs:
       clientRateLimitQPS: 30