diff --git a/charts/psc-autoscaler/examples/cluster-config-cost-saving-performance-improvement-with-DS-and-STS.yaml b/charts/psc-autoscaler/examples/cluster-config-cost-saving-performance-improvement-with-DS-and-STS.yaml
new file mode 100644
index 0000000..00724bf
--- /dev/null
+++ b/charts/psc-autoscaler/examples/cluster-config-cost-saving-performance-improvement-with-DS-and-STS.yaml
@@ -0,0 +1,63 @@
+apiVersion: perfectscale.io/v1
+kind: ClusterAutomationConfig
+metadata:
+ name: cluster-automation-config
+spec:
+ automation:
+ operational:
+ stopAllAutomation: false
+ workloadTypes:
+ Deployment:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ keepLimit: false
+ memoryManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: true
+ decreaseEnabled: true
+ DaemonSet:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ keepLimit: false
+ memoryManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: true
+ decreaseEnabled: true
+ # You should consider if you want to enable StatefulSets automation.
+ # You might want a human eye while restarting production databases, in general, pods with persistent volume are more fragile.
+ # As well, if your StatefulSet runs on dedicated nodes, reducing workload resources will not help to reduce the cost
+ StatefulSet:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ keepLimit: false
+ memoryManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: true
+ decreaseEnabled: true
diff --git a/charts/psc-autoscaler/examples/cluster-config-cost-saving-performance-improvement.yaml b/charts/psc-autoscaler/examples/cluster-config-cost-saving-performance-improvement.yaml
index 8f89b36..dc5874e 100644
--- a/charts/psc-autoscaler/examples/cluster-config-cost-saving-performance-improvement.yaml
+++ b/charts/psc-autoscaler/examples/cluster-config-cost-saving-performance-improvement.yaml
@@ -23,4 +23,4 @@ spec:
 decreaseEnabled: true
 limit:
 increaseEnabled: true
- decreaseEnabled: true
\ No newline at end of file
+ decreaseEnabled: true
diff --git a/charts/psc-autoscaler/examples/cluster-config-cost-saving-with-DS-and-STS.yaml b/charts/psc-autoscaler/examples/cluster-config-cost-saving-with-DS-and-STS.yaml
new file mode 100644
index 0000000..be5fcf3
--- /dev/null
+++ b/charts/psc-autoscaler/examples/cluster-config-cost-saving-with-DS-and-STS.yaml
@@ -0,0 +1,63 @@
+apiVersion: perfectscale.io/v1
+kind: ClusterAutomationConfig
+metadata:
+ name: cluster-automation-config
+spec:
+ automation:
+ operational:
+ stopAllAutomation: false
+ workloadTypes:
+ Deployment:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ keepLimit: true
+ memoryManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: false
+ decreaseEnabled: false
+ DaemonSet:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ keepLimit: true
+ memoryManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: false
+ decreaseEnabled: false
+ # You should consider if you want to enable StatefulSets automation.
+ # You might want a human eye while restarting production databases, in general, pods with persistent volume are more fragile.
+ # As well, if your StatefulSet runs on dedicated nodes, reducing workload resources will not help to reduce the cost
+ StatefulSet:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ keepLimit: true
+ memoryManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: false
+ decreaseEnabled: false
diff --git a/charts/psc-autoscaler/examples/cluster-config-cost-saving.yaml b/charts/psc-autoscaler/examples/cluster-config-cost-saving.yaml
index 0b25ab9..fc1b433 100644
--- a/charts/psc-autoscaler/examples/cluster-config-cost-saving.yaml
+++ b/charts/psc-autoscaler/examples/cluster-config-cost-saving.yaml
@@ -23,4 +23,21 @@ spec:
 decreaseEnabled: true
 limit:
 increaseEnabled: false
- decreaseEnabled: false
\ No newline at end of file
+ decreaseEnabled: false
+ DaemonSet:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ keepLimit: true
+ memoryManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: false
+ decreaseEnabled: false
diff --git a/charts/psc-autoscaler/examples/label-based-configuration.yaml b/charts/psc-autoscaler/examples/label-based-configuration.yaml
new file mode 100644
index 0000000..a20aaa8
--- /dev/null
+++ b/charts/psc-autoscaler/examples/label-based-configuration.yaml
@@ -0,0 +1,33 @@
+apiVersion: perfectscale.io/v1
+kind: ClusterAutomationConfig
+metadata:
+ name: cluster-automation-config
+spec:
+ automation:
+ operational:
+ stopAllAutomation: false
+ workloadLabelSelectors:
+ # This means that if the workload has perfectscale.io/automation-disabled:true label,
+ # it will not be automated, regardless of the other labels.
+ - allowAutomation: false
+ key: perfectscale.io/automation-disabled
+ value: "true"
+ # This means that if the workload has team:dev label,
+ # it will be automated, unless it has perfectscale.io/automation-disabled:true label.
+ # Workloads without this labels will not be automated.
+ - allowAutomation: true
+ key: team
+ value: "dev"
+ workloadTypes:
+ Deployment:
+ operational:
+ automationMode: "Enabled"
+ DaemonSet:
+ operational:
+ automationMode: "Enabled"
+ # You should consider if you want to enable StatefulSets automation.
+ # You might want a human eye while restarting production databases, in general, pods with persistent volume are more fragile.
+ # As well, if your StatefulSet runs on dedicated nodes, reducing workload resources will not help to reduce the cost
+ StatefulSet:
+ operational:
+ automationMode: "Enabled"
diff --git a/charts/psc-autoscaler/examples/namespace-daemon-stateful-sets-resilience-and-savings.yaml b/charts/psc-autoscaler/examples/namespace-daemon-stateful-sets-resilience-and-savings.yaml
new file mode 100644
index 0000000..a179187
--- /dev/null
+++ b/charts/psc-autoscaler/examples/namespace-daemon-stateful-sets-resilience-and-savings.yaml
@@ -0,0 +1,44 @@
+apiVersion: perfectscale.io/v1
+kind: NamespaceAutomationConfig
+metadata:
+ name: your-namespace-automation-config
+spec:
+ automation:
+ workloadTypes:
+ DaemonSet:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ keepLimit: false
+ memoryManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: true
+ decreaseEnabled: true
+ # You should consider if you want to enable StatefulSets automation.
+ # You might want a human eye while restarting production databases, in general, pods with persistent volume are more fragile.
+ # As well, if your StatefulSet runs on dedicated nodes, reducing workload resources will not help to reduce the cost
+ StatefulSet:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ keepLimit: false
+ memoryManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: true
+ decreaseEnabled: true
diff --git a/charts/psc-autoscaler/examples/namespace-daemon-stateful-sets-savings.yaml b/charts/psc-autoscaler/examples/namespace-daemon-stateful-sets-savings.yaml
new file mode 100644
index 0000000..2024775
--- /dev/null
+++ b/charts/psc-autoscaler/examples/namespace-daemon-stateful-sets-savings.yaml
@@ -0,0 +1,44 @@
+apiVersion: perfectscale.io/v1
+kind: NamespaceAutomationConfig
+metadata:
+ name: your-namespace-automation-config
+spec:
+ automation:
+ workloadTypes:
+ DaemonSet:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ keepLimit: true
+ memoryManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: false
+ decreaseEnabled: false
+ # You should consider if you want to enable StatefulSets automation.
+ # You might want a human eye while restarting production databases, in general, pods with persistent volume are more fragile.
+ # As well, if your StatefulSet runs on dedicated nodes, reducing workload resources will not help to reduce the cost
+ StatefulSet:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ keepLimit: true
+ memoryManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: false
+ decreaseEnabled: false
diff --git a/charts/psc-autoscaler/examples/workload-config-daemon-set-resilience-and-savings.yaml b/charts/psc-autoscaler/examples/workload-config-daemon-set-resilience-and-savings.yaml
new file mode 100644
index 0000000..92a919c
--- /dev/null
+++ b/charts/psc-autoscaler/examples/workload-config-daemon-set-resilience-and-savings.yaml
@@ -0,0 +1,25 @@
+apiVersion: perfectscale.io/v1
+kind: WorkloadAutomationConfig
+metadata:
+ name: your-workload-automation-config
+spec:
+ targetRef:
+ kind: DaemonSet
+ name: ds-name
+ automation:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ keepLimit: false
+ memoryManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: true
+ decreaseEnabled: true
diff --git a/charts/psc-autoscaler/examples/workload-config-daemon-set-savings.yaml b/charts/psc-autoscaler/examples/workload-config-daemon-set-savings.yaml
new file mode 100644
index 0000000..16ecf9d
--- /dev/null
+++ b/charts/psc-autoscaler/examples/workload-config-daemon-set-savings.yaml
@@ -0,0 +1,25 @@
+apiVersion: perfectscale.io/v1
+kind: WorkloadAutomationConfig
+metadata:
+ name: your-workload-automation-config
+spec:
+ targetRef:
+ kind: DaemonSet
+ name: ds-name
+ automation:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ keepLimit: true
+ memoryManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: false
+ decreaseEnabled: false
diff --git a/charts/psc-autoscaler/examples/workload-config-sts-resilience.yaml b/charts/psc-autoscaler/examples/workload-config-sts-resilience.yaml
new file mode 100644
index 0000000..7eb1467
--- /dev/null
+++ b/charts/psc-autoscaler/examples/workload-config-sts-resilience.yaml
@@ -0,0 +1,28 @@
+# You should consider if you want to enable StatefulSets automation.
+# You might want a human eye while restarting production databases, in general, pods with persistent volume are more fragile.
+# As well, if your StatefulSet runs on dedicated nodes, reducing workload resources will not help to reduce the cost
+apiVersion: perfectscale.io/v1
+kind: WorkloadAutomationConfig
+metadata:
+ name: your-workload-automation-config
+spec:
+ targetRef:
+ kind: StatefulSet
+ name: sts-name
+ automation:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ keepLimit: false
+ memoryManagement:
+ request:
+ increaseEnabled: true
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: true
+ decreaseEnabled: true
diff --git a/charts/psc-autoscaler/examples/workload-config-sts-savings.yaml b/charts/psc-autoscaler/examples/workload-config-sts-savings.yaml
new file mode 100644
index 0000000..7659895
--- /dev/null
+++ b/charts/psc-autoscaler/examples/workload-config-sts-savings.yaml
@@ -0,0 +1,28 @@
+# You should consider if you want to enable StatefulSets automation.
+# You might want a human eye while restarting production databases, in general, pods with persistent volume are more fragile.
+# As well, if your StatefulSet runs on dedicated nodes, reducing workload resources will not help to reduce the cost
+apiVersion: perfectscale.io/v1
+kind: WorkloadAutomationConfig
+metadata:
+ name: your-workload-automation-config
+spec:
+ targetRef:
+ kind: StatefulSet
+ name: sts-name
+ automation:
+ operational:
+ automationMode: "Enabled"
+ restrictions:
+ cpuManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ keepLimit: true
+ memoryManagement:
+ request:
+ increaseEnabled: false
+ decreaseEnabled: true
+ limit:
+ increaseEnabled: false
+ decreaseEnabled: false
diff --git a/charts/psc-autoscaler/templates/admission.yaml b/charts/psc-autoscaler/templates/admission.yaml
index 2af596b..9f7e233 100644
--- a/charts/psc-autoscaler/templates/admission.yaml
+++ b/charts/psc-autoscaler/templates/admission.yaml
@@ -10,8 +10,14 @@ metadata:
 labels:
 {{- include "psc-autoscaler.labels" . | nindent 4 }}
 data:
+{{- if .Values.admission.staticCerts.enabled }}
+ tls.crt: {{ .Values.admission.staticCerts.tlsCert }}
+ tls.key: {{ .Values.admission.staticCerts.tlsKey }}
+{{- else }}
 tls.crt: {{ $cert.Cert | b64enc }}
 tls.key: {{ $cert.Key | b64enc }}
+{{- end }}
+
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
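Review bot: In the static-cert branch, `tls.crt` and `tls.key` go into the Secret's `data:` block without the `b64enc` that the generated branch applies, so the chart silently depends on the operator supplying values that are already base64-encoded, and an unset value renders as an empty (null) entry instead of failing. The same holds for `caBundle: {{ .Values.admission.staticCerts.caCert }}` in the two webhook hunks of this file. Either encode in the template, e.g. `tls.crt: {{ required "admission.staticCerts.tlsCert is required" .Values.admission.staticCerts.tlsCert | b64enc | quote }}`, or keep the pre-encoded contract and still wrap each value in `required ... | quote` so a missing value stops the render. Passing the private key through values also stores it in the Helm release record and in whatever values file carries it; referencing an existing TLS Secret by name would avoid that, though it is a larger change than this hunk.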
@@ -33,7 +39,11 @@ webhooks:
 resources: [ "pods" ]
 scope: "Namespaced"
 clientConfig:
+{{- if .Values.admission.staticCerts.enabled }}
+ caBundle: {{ .Values.admission.staticCerts.caCert }}
+{{- else }}
 caBundle: {{ $ca.Cert | b64enc }}
+{{- end }}
 service:
 namespace: {{ .Release.Namespace }}
 name: {{ include "psc-autoscaler.fullname" . }}
@@ -62,7 +72,11 @@ webhooks:
 resources: [ "namespaceautomationconfigs", "workloadautomationconfigs" ]
 scope: "Namespaced"
 clientConfig:
+{{- if .Values.admission.staticCerts.enabled }}
+ caBundle: {{ .Values.admission.staticCerts.caCert }}
+{{- else }}
 caBundle: {{ $ca.Cert | b64enc }}
+{{- end }}
 service:
 namespace: {{ .Release.Namespace }}
 name: {{ include "psc-autoscaler.fullname" . }}
diff --git a/charts/psc-autoscaler/templates/clusterrole.yaml b/charts/psc-autoscaler/templates/clusterrole.yaml
index 2d87d8e..41a5b84 100644
--- a/charts/psc-autoscaler/templates/clusterrole.yaml
+++ b/charts/psc-autoscaler/templates/clusterrole.yaml
@@ -8,8 +8,11 @@ rules:
 resources: [ "mutatingwebhookconfigurations", "validatingwebhookconfigurations" ]
 verbs: [ "create", "get", "delete", "list", "patch", "update", "watch" ]
 - apiGroups: [ "" ]
- resources: [ "pods", "namespaces" ]
+ resources: [ "namespaces" ]
 verbs: [ "get", "list", "watch" ]
+ - apiGroups: [ "" ]
+ resources: [ "pods" ]
+ verbs: [ "get", "list", "watch", "delete" ]
 - apiGroups: [ "" ]
 resources: [ "events" ]
 verbs: [ "get", "list","watch","create", "patch" ]
diff --git a/charts/psc-autoscaler/templates/deployment.yaml b/charts/psc-autoscaler/templates/deployment.yaml
index 813e4b9..4614719 100644
--- a/charts/psc-autoscaler/templates/deployment.yaml
+++ b/charts/psc-autoscaler/templates/deployment.yaml
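Review bot: The new clusterrole.yaml rule adds `delete` on `pods`, and if this ClusterRole is bound cluster-wide (the binding is not in this diff) the autoscaler's service account can remove any pod in any namespace, system namespaces included; nothing in the hunk records why. Put the reason above the rule so the grant can be audited, for example `# delete is used to restart pods so new requests/limits take effect` if that is indeed the purpose. If the restart path can go through the eviction API, `resources: [ "pods/eviction" ]` with `verbs: [ "create" ]` keeps PodDisruptionBudgets in force, which a direct delete bypasses. The rules list begins and continues outside the hunk, so other grants were not reviewed here.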
@@ -20,6 +20,10 @@ spec:
 metadata:
 annotations:
 checksum/secret: {{ include (print $.Template.BasePath "/admission.yaml") . | sha256sum }}
+ {{- if not .Values.admission.staticCerts.enabled }}
+ {{- /* it requires to reload the latest re-generated certs for mtls after helm upgrade*/}}
+ rolloutme: {{ randAlphaNum 5 | quote }}
+ {{- end }}
 labels:
 automation.perfectscale.io/excluded: "true"
 perfectscale.io/psc-autoscaler-cmd: serve
diff --git a/charts/psc-autoscaler/values.yaml b/charts/psc-autoscaler/values.yaml
index 11070ad..d73eeac 100644
--- a/charts/psc-autoscaler/values.yaml
+++ b/charts/psc-autoscaler/values.yaml
@@ -2,7 +2,7 @@ replicaCount: 3
 image:
 repository: public.ecr.aws/perfectscale-io/psc-autoscaler
 pullPolicy: Always
- tag: "v1.0.9"
+ tag: "v1.0.10"
 settings:
 port: 8443
 env: "prod"
@@ -99,6 +99,11 @@ admission:
 timeout: 15
 # Optionally change it to "Fail"
 failurePolicy: "Ignore"
+ staticCerts:
+ enabled: false
+ # caCert: ""
+ # tlsCert: ""
+ # tlsKey: ""
 integrationTests:
 enabled: true
 image:
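Review bot: The `rolloutme: {{ randAlphaNum 5 | quote }}` annotation in deployment.yaml takes a new value on every render, so each `helm upgrade` restarts all replicas even when nothing changed, and tools that diff rendered manifests will report the Deployment as permanently out of sync. The existing `checksum/secret` annotation hashes a render of admission.yaml; if the certificates are generated inside that template on each render (the `$cert` definition is outside this diff), that checksum already differs every time and the new annotation may be redundant. A steadier design is to reuse the existing Secret through `lookup` when it is present, so that both the certificates and the pod template change only when needed. The template comment would read more clearly as `{{- /* force a rollout so pods load the webhook certs regenerated on each helm upgrade */}}`.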
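Review bot: The commented `caCert`, `tlsCert` and `tlsKey` keys under `staticCerts` in values.yaml say nothing about the expected format, while the templates insert them verbatim into Secret `data` and `caBundle`, which only works for base64-encoded PEM. State that above the keys, e.g. `# base64-encoded PEM; all three are required when enabled is true`, and note that `tlsKey` is a private key that should come from a protected values source, not a committed file. It is also worth saying that the serving certificate must name the webhook Service's DNS name in its SANs, since the API server verifies it against `caCert`; the generated path presumably handles this, but that code is outside the diff.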