UNCLASSIFIED - NO CUI

Skip to content

kyverno limits fixes

Michael Martin requested to merge fix-kyverno-test-values into master

These changes will pass through the resource limits correctly to the kyverno-admission-controller pods.

Increased the CPU Limit to 1 -- this helped with initial Cluster Policy installs in testing (see next note), and thinking this may help a bit more with general runs, as the 3-node HA cluster needs to handle all the incoming requests and coordinate the changes across the HA cluster. Also tested with a single kyverno-admission-controller which can work too -- if the CPU limit is high enough. However, this wouldn't test the desired 3+-node desired HA cluster.

Increased the webhook timeout to 30sec from 10sec, as this was causing consistent issues when testing on a local bare-metal cluster during the initial kyverno-policies helm install. The alternative here was to bump up the cpu limits to 3 or higher.

Also adds in a fix for the require-non-root-group kyverno-policies` tests to not get blocked by gatekeeper

Also adds in fortify/fortify-ssc-cypress-test to allow host path mounts

Also sorting those gatekeeper exclusion lists

Edited by Michael Martin

Merge request reports

Loading