Allow tuning background scan period

[realshuting]

Is your feature request related to a problem? Please describe.
Kyverno has the background scan interval set to 15 minutes by default, this allows the controller to periodically validate the existing resources and audit the result (to policy report).

While in a larger size cluster, with hundreds of workloads running, this default value seems to be relatively small. It would be nice if it can be configured through a flag or an environment variable.

[chipzoller]

Consider making this configurable via a standard ConfigMap resource rather than having to pass a flag or env var. Any future Kyverno tweaks could be delivered similarly.

[realshuting]

Yes we should use ConfigMap for any custom configurations. Forgot that in the first place!

[imrajdas]

@realshuting I am taking this issue. Thanks

[imrajdas]

kyverno/cmd/kyverno/main.go

Line 38 in b4ab541

const resyncPeriod = 15 * time.Minute

I have to pick this resyncPeriod value from the kyverno configmap. Please correct me, if I am wrong?`

[realshuting]

@rajdas98 Thanks for looking into this issue.

resyncPeriod is used for re-syncing the informer's cache, it has nothing to do with the background scan process. Here is a reference of what needs to be done - #1395 (review).

I'm happy to discuss this in detail if you have any doubts.

[imrajdas]

Thanks @realshuting for this information. I am exploring about this issue right now. I will get back to you if I have any doubts.

[imrajdas]

@realshuting Can you explain about this issue little bit? Not able to get the context from this #1395 (review). Thanks

[realshuting]

@rajdas98 Thanks for looking at the issue, there are other requirements that need to be addressed along with this. I can come up with the standards first.

[realshuting]

#1730 adds the flag --background-scan to configure the interval. This interval cannot be configured dynamically because it is used to initialize the background controller. Therefore, restart is required when changing the interval.