new docs: running KW at scale #488

Open
flavio opened this issue Jan 14, 2025 · 0 comments
flavio commented Jan 14, 2025

It would be great to write some tips and tricks about how to run Kubewarden at scale.

A community user of Kubewarden (who wants to remain anonymous) provided us with this information. We could use it as a starting point for that document.

Survey

How many Kubewarden ClusterAdmissionPolicies and AdmissionPolicies do you have defined on your clusters?

ClusterAdmissionPolicies: 22
AdmissionPolicies: None

How many Kubewarden PolicyServers have you defined, and what is their replica size?

We decided to have 2 servers, one for context-aware policies and another for all other policies. We have 15 replicas on each.

How many resources (memory, CPU) are allocated to Kubewarden?

We have replicas taking 300MB and 4 cores

How many admission requests do you process per minute/second/X?

Some of our clusters can reach 300 requests per second (audit + webhook)

What is the latency introduced by Kubewarden, and what are your constraints? (This can be seen in the tracing output of Kubewarden PolicyServers.)

On our biggest cluster some requests time out at 10 seconds on the server and 2.5 seconds on the webhook. But usually, for context-aware policies, it can take around 500ms.

What is the size of the cluster:

We have around 20 clusters

Number of nodes

Our biggest clusters have around 400 nodes

Number of Namespaces

Our biggest cluster has around 4000 namespaces

Number of Pods/RoleBinding/Ingress/other Kubernetes resources being inspected by Kubewarden

Biggest cluster:

Pods: 10000
Rolebindings: 13000
Ingresses: 12000
Deployments: 8000
Services: 13000

How often do you run the audit-scanner feature of Kubewarden?

Every 4 hours

What is the Helm chart configuration for the audit-scanner feature (amount of chosen parallelization)?

--parallel-namespaces "10"
--parallel-resources "20"
--parallel-policies "20"
--page-size "1000"
--disable-store

How many policies are systematically excluded from the audit-scanner?

1

How long does an audit-scanner Job take?

Biggest Cluster: 70 minutes

@flavio flavio added the area/documentation Improvements or additions to documentation label Jan 14, 2025
@flavio flavio added this to the 1.22 milestone Jan 14, 2025