You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Kyverno stands to gain from some performance optimizations. Currently when applying 2 mutate policies using Strategic Merge Patch we get the following performance:
Pre-compute and cache computations that don't change often and store them on insertion to be used later.
For Mutate we already have our solution which is to use JSON Patch. However, other things should be considered like the user experience. Currently a non-issue as most Policy engines suffer from the same fate.
Finally we could parallelize policy application whether Mutate or Validate.
I have searched other issues in this repository and mine is not recorded.
The text was updated successfully, but these errors were encountered:
KhaledEmaraDev
added
enhancement
New feature or request
triage
Default label assigned to all new issues indicating label curation is needed to fully organize.
performance
and removed
triage
Default label assigned to all new issues indicating label curation is needed to fully organize.
labels
May 13, 2024
Problem Statement
Kyverno stands to gain from some performance optimizations. Currently when applying 2 mutate policies using Strategic Merge Patch we get the following performance:
After rewriting the policies to use JSON Patch:
Also for validate in constrained resources scenarios we could improve a little. Using the profiler it seems that the two biggest offenders are:
a. Variable and Reference substitution
b. Anchor Processing
Also, time delay seems to grow linearly with the number of policies suggesting we could make use of parallelization.
Solution Description
For Validate we have three solutions:
For Mutate we already have our solution which is to use JSON Patch. However, other things should be considered like the user experience. Currently a non-issue as most Policy engines suffer from the same fate.
Finally we could parallelize policy application whether Mutate or Validate.
Alternatives
No response
Additional Context
No response
Slack discussion
No response
Research
The text was updated successfully, but these errors were encountered: