gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
207cdca0cfcf4b0a42e220f5b034a1245de49305
home-server/clusters/noble/apps/kyverno/values.yaml

23 lines
972 B
YAML
Raw Blame History

# Kyverno — noble (policy engine)
#
# helm repo add kyverno https://kyverno.github.io/kyverno/
# helm repo update
# kubectl apply -f clusters/noble/apps/kyverno/namespace.yaml
# helm upgrade --install kyverno kyverno/kyverno -n kyverno \
# --version 3.7.1 -f clusters/noble/apps/kyverno/values.yaml --wait --timeout 15m
#
# Baseline Pod Security policies (separate chart): see policies-values.yaml + README.md
#
# Raise Kubernetes client QPS/burst so under API/etcd load Kyverno does not hit
# "client rate limiter Wait" / flaky kyverno-health lease (defaults are very low).
# Two replicas: webhook Service keeps endpoints during rolling restarts (avoids
# apiserver "connection refused" to kyverno-svc:443 while a single pod cycles).
admissionController:
replicas: 2
# Insulate Kyverno API traffic via APF (helps when etcd/apiserver are busy).
apiPriorityAndFairness: true
container:
extraArgs:
clientRateLimitQPS: 30
clientRateLimitBurst: 60
Reference in New Issue View Git Blame Copy Permalink