The mutateExistingOnPolicyUpdate=true on inject-keel-annotations produced 176 UpdateRequests for the initial bulk scan across enrolled namespaces. At the existing 384Mi limit, kyverno-background-controller OOMKilled while processing them — no annotations got injected on existing workloads (count stuck at 30).

Live state already bumped via kubectl set resources; this commit makes it durable through Terraform. Also lowered the request to 256Mi (the 384Mi floor was tight against limit; 2Gi headroom for bulk scans, 256Mi steady state).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

| File |
|---|
| dependency-init-containers.tf |
| keel-annotations.tf |
| main.tf |
| registry-credentials.tf |
| resource-governance.tf |
| security-policies.tf |
| tls-secret-sync.tf |