Comments (3)
I don't know if there are any hard numbers on this that I can give you, but:
- A larger response will take more RAM
- A larger response will add to latency
Gatekeeper sets no limits on response size. Users do have the ability to "tune" G8r by increasing the amount of RAM it can use or adding CPU power (though I think Rego is evaluated single-threaded, so that's only helpful up to scheduling an entire CPU core).
Gatekeeper's mutation webhooks have a default timeout of 1 second and its validating webhooks have a timeout of 3 seconds.
I'd probably try to set some "reasonable" limits by choosing a standard G8r footprint for a typical Ratify user, use a typical constraint, then do some load testing.
Figure out at what size you start seeing problems (pods OOMing, requests taking longer than 3 or 1 seconds, etc.) and see what that gets you. Once you have a "ballpark" size, I'd consider choosing a much smaller maximum size (1/2, 1/10, 1/100, depending on what is reasonable for particular use cases) just to give you some headroom for either complexity of policies growing in the future, or users operating on smaller footprints.
from gatekeeper.
You could also consider letting the user configure the limit sizes, so they can tune things to meet their needs (the above may still be useful for setting a default value).
Thanks for your comment @maxsmythe. That is all we will need for now, issue closed.