Skip to content

docs(scaling): add v1.18.1 CEL-based policy admission latency benchmarks#2052

Merged
realshuting merged 6 commits into
kyverno:mainfrom
realshuting:feat/monitoring-alerting
May 29, 2026
Merged

docs(scaling): add v1.18.1 CEL-based policy admission latency benchmarks#2052
realshuting merged 6 commits into
kyverno:mainfrom
realshuting:feat/monitoring-alerting

Conversation

@realshuting
Copy link
Copy Markdown
Member

@realshuting realshuting commented May 29, 2026
edited
Loading

Summary

Closes kyverno/kyverno#14279.

  • Labels the existing benchmark table as ClusterPolicy (pre-v1.14, kyverno.io/v1) to distinguish it from the new data
  • Adds an 18-row benchmark table for Kyverno v1.18.1 policies.kyverno.io/v1beta1 (ValidatingPolicy + MutatingPolicy, CEL-based) measured on Akamai Dedicated hardware
  • Scenarios covered: vpol-pss (16 PSS policies — apples-to-apples with ClusterPolicy rows), vpol-complex, mpol-complex, combined (vpol + mpol) at 50/200/500 VU × 1 and 3 replicas
  • Columns: avg / p95 / p99 / fail%; ⚠ notation where p99 > 1 s at 1-replica, 500 VU
  • Links to full results in docs/perf-testing/v1.18.1/results/summary.md

Key findings:

  • 3 replicas keep all scenarios below 650 ms p99 even at 500 VU
  • vpol-pss single-replica at 500 VU: p99 = 1,247 ms ⚠ (above KyvernoAdmissionHighLatency threshold)
  • combined (vpol + mpol) single-replica at 500 VU: p99 = 1,113 ms ⚠

This addresses CNCF TOC graduation items 7 (SLOs/SLIs) and 8 (alerting thresholds) from issue kyverno/kyverno#15473.

Test plan

  • Page renders correctly in the website preview
  • Table alignment and ⚠ symbols display as expected
  • Link to full results resolves once kyverno/kyverno PR merges

🤖 Generated with Claude Code

@realshuting
docs: add alerting section to monitoring guide
11dbea0 
Documents the optional PrometheusRule Helm chart feature:
prerequisites, enable/configure instructions, key metrics
table, and per-alert runbook for admission and policy
execution latency alerts.

Signed-off-by: realshuting <shuting@nirmata.com>
@realshuting
chore: fix prettier formatting in monitoring guide
1f864c5 
Signed-off-by: realshuting <shuting@nirmata.com>
@realshuting
Merge branch 'main' into feat/monitoring-alerting
7fd99f1
@realshuting
docs(scaling): add v1.18.1 CEL-based policy admission latency benchmarks
d93f50b 
Adds a new benchmark table for Kyverno v1.18.1 `policies.kyverno.io/v1beta1`
ValidatingPolicy and MutatingPolicy (CEL-based) measured on Akamai Dedicated
hardware (g6-dedicated-32 cluster + g6-dedicated-16 k6 loader).

- Labels the existing ClusterPolicy table as pre-v1.14 kyverno.io/v1
- Adds 18-row table covering vpol-pss (PSS apples-to-apples), vpol-complex,
  mpol-complex, and combined scenarios at 50/200/500 VU × 1/3 replicas
- Columns: avg / p95 / p99 / fail%; ⚠ notation where p99 > 1s
- Links to full results in docs/perf-testing/v1.18.1/results/summary.md

Signed-off-by: realshuting <shutingzhao@example.com>
Signed-off-by: realshuting <shuting@nirmata.com>
@github-actions github-actions Bot added the documentation Improvements or additions to documentation label May 29, 2026
@realshuting realshuting enabled auto-merge (squash) May 29, 2026 03:32
@realshuting realshuting mentioned this pull request May 29, 2026
Open
29 tasks
@realshuting realshuting requested a review from fjogeleit May 29, 2026 07:16
@realshuting realshuting merged commit 177201a into kyverno:main May 29, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fjogeleit fjogeleit fjogeleit approved these changes

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature] refresh perf testing data for vpol

2 participants

@realshuting @fjogeleit