search

kubewarden / kubewarden-controller

Manage admission policies in your Kubernetes cluster with ease
https://kubewarden.io
Apache License 2.0
182 stars 30 forks source link

Audit Scanner overloading a single pod from policy server #689

Closed brunorene closed 3 weeks ago

brunorene commented 3 months ago

Is there an existing issue for this?

Current Behavior

I noticed that when Audit Scanner starts to run all request load is targetted into a single policy server pod, instead of being spread out throughout all available replicas, making the pod struggle to respond to all Audit scanner requests and making the auditing process take much longer. It does seem that Audit scanner also has very little concurrency when validating resources. I tried it on a large cluster (thousands of namespaces) and at the moment is taking around 2 days to finish.

Expected Behavior

Audit Scanner should take advantage of all replicas available from policy server to spread the request load

Steps To Reproduce

No response

Environment

- OS: Linux
- Architecture: amd64

Anything else?

No response

flavio commented 3 weeks ago

Closing, this is now fixed with the 1.13 release