From c93b33c75558ca953a9ac90d9f76745586c8cf6c Mon Sep 17 00:00:00 2001 From: Eamonn Mansour <47121388+eamansour@users.noreply.github.com> Date: Fri, 20 Dec 2024 10:57:34 +0000 Subject: [PATCH] Add values to configure API server ingress annotations and replicas with optional autoscaling (#63) * feat: Add values to configure API server rate limits and replicas Signed-off-by: Eamonn Mansour <47121388+eamansour@users.noreply.github.com> * refactor: Rename api value to apiServer for clarity Signed-off-by: Eamonn Mansour <47121388+eamansour@users.noreply.github.com> * feat: Use ingress-based rate limiting defaulting to 1000 requests per second, set default API server replicas to 2 Signed-off-by: Eamonn Mansour <47121388+eamansour@users.noreply.github.com> * feat: Add initial API pod autoscaler and associated values Signed-off-by: Eamonn Mansour <47121388+eamansour@users.noreply.github.com> * chore: Disable autoscaling by default Signed-off-by: Eamonn Mansour <47121388+eamansour@users.noreply.github.com> * fix: Remove unused environment variables Signed-off-by: Eamonn Mansour <47121388+eamansour@users.noreply.github.com> --------- Signed-off-by: Eamonn Mansour <47121388+eamansour@users.noreply.github.com> --- .../templates/api-bootstrap-ingress.yaml | 3 + charts/ecosystem/templates/api-ingress.yaml | 3 + .../templates/api-pod-autoscaler.yaml | 35 ++++++++ charts/ecosystem/templates/api.yaml | 7 +- charts/ecosystem/values.yaml | 82 ++++++++++++++++--- 5 files changed, 115 insertions(+), 15 deletions(-) create mode 100644 charts/ecosystem/templates/api-pod-autoscaler.yaml
diff --git a/charts/ecosystem/templates/api-bootstrap-ingress.yaml b/charts/ecosystem/templates/api-bootstrap-ingress.yaml
index f137a20..32d4bbf 100644
--- a/charts/ecosystem/templates/api-bootstrap-ingress.yaml
+++ b/charts/ecosystem/templates/api-bootstrap-ingress.yaml
@@ -12,6 +12,9 @@ metadata:
 {{- with .Values.ingress.annotations }}
 {{- toYaml . | nindent 4 }}
 {{- end }}
+ {{- with .Values.apiServer.ingressAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
 nginx.ingress.kubernetes.io/rewrite-target: /bootstrap/external
 spec:
 ingressClassName: {{ .Values.ingress.ingressClassName }}
diff --git a/charts/ecosystem/templates/api-ingress.yaml b/charts/ecosystem/templates/api-ingress.yaml
index 2ba8a22..69a3fb1 100644
--- a/charts/ecosystem/templates/api-ingress.yaml
+++ b/charts/ecosystem/templates/api-ingress.yaml
@@ -12,6 +12,9 @@ metadata:
 {{- with .Values.ingress.annotations }}
 {{- toYaml . | nindent 4 }}
 {{- end }}
+ {{- with .Values.apiServer.ingressAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
 nginx.ingress.kubernetes.io/rewrite-target: /$2
 spec:
 ingressClassName: {{ .Values.ingress.ingressClassName }}
diff --git a/charts/ecosystem/templates/api-pod-autoscaler.yaml b/charts/ecosystem/templates/api-pod-autoscaler.yaml
new file mode 100644
index 0000000..4629840
--- /dev/null
+++ b/charts/ecosystem/templates/api-pod-autoscaler.yaml
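Review bot: The API-server annotations are rendered as a second `toYaml` block directly after `.Values.ingress.annotations`, so any key present in both maps (for example a `limit-rps` set globally and again under `apiServer.ingressAnnotations`) is emitted twice inside `metadata.annotations`. Duplicate mapping keys are invalid YAML and how they resolve depends on the parser, so the rate limit actually enforced may not be the one the operator intended. Merging the two maps before rendering makes the precedence explicit, something like `{{- with (merge (dict) (.Values.apiServer.ingressAnnotations | default (dict)) (.Values.ingress.annotations | default (dict))) }}` followed by a single `toYaml . | nindent 4`. The identical hunk in `api-ingress.yaml` has the same issue, and the metadata block starts above both hunks.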
@@ -0,0 +1,35 @@
+#
+# Copyright contributors to the Galasa project
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+{{- if .Values.apiServer.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ .Release.Name }}-api-hpa
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ .Release.Name }}-api
+ minReplicas: {{ .Values.apiServer.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.apiServer.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.apiServer.autoscaling.targetMemoryPercentageUsed }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apiServer.autoscaling.targetMemoryPercentageUsed }}
+ {{- end }}
+ {{- if .Values.apiServer.autoscaling.targetCPUPercentageUsed }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apiServer.autoscaling.targetCPUPercentageUsed }}
+ {{- end }}
+{{- end }}
diff --git a/charts/ecosystem/templates/api.yaml b/charts/ecosystem/templates/api.yaml
index b6c8cb6..e7beabb 100644
--- a/charts/ecosystem/templates/api.yaml
+++ b/charts/ecosystem/templates/api.yaml
@@ -11,7 +11,7 @@ metadata:
 labels:
 app: {{ .Release.Name }}-api
 spec:
- replicas: 1
+ replicas: {{ .Values.apiServer.replicaCount }}
 strategy:
 type: Recreate
 selector:
@@ -118,7 +118,7 @@ spec:
 - name: GALASA_USERNAME_CLAIMS
 value: {{ join "," .Values.dex.usernameClaims | quote }}
 - name: GALASA_ALLOWED_ORIGINS
- value: {{ join "," .Values.allowedOrigins | quote }}
+ value: {{ join "," .Values.apiServer.allowedOrigins | quote }}
 - name: GALASA_RAS_TOKEN
 valueFrom:
 secretKeyRef:
@@ -155,6 +155,9 @@ spec:
 port: 8080
 initialDelaySeconds: 5
 periodSeconds: 10
+ {{- with .Values.apiServer.resources }}
+ resources: {{- toYaml . | nindent 10 }}
+ {{- end }}
 volumeMounts:
 - name: bootstrap
 mountPath: /bootstrap.properties
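Review bot: In the new `api-pod-autoscaler.yaml`, both metrics are `Utilization` targets, which the autoscaler can only evaluate when the target container declares resource requests, yet the chart default added in this commit is `resources: {}`. Setting `apiServer.autoscaling.enabled` with otherwise default values therefore appears to render an autoscaler that cannot compute its metrics and never scales, which matters if autoscaling is the intended answer to load spikes. Failing at render time is clearer than relying on the comment in `values.yaml`: `{{- if not .Values.apiServer.resources.requests }}{{ fail "apiServer.autoscaling.enabled requires apiServer.resources.requests" }}{{- end }}`. A similar guard for `minReplicas` greater than `maxReplicas` would catch the other obvious misconfiguration.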
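Review bot: In `api.yaml`, hunk `@@ -11,7 +11,7 @@`, `replicas` is rendered unconditionally, which contradicts the `values.yaml` comment that the value "is overridden when autoscaling is enabled": with the autoscaler on, each `helm upgrade` would reset the Deployment to `replicaCount` and undo whatever the autoscaler had scaled to. The usual chart pattern is to omit the field in that case: `{{- if not .Values.apiServer.autoscaling.enabled }}`, then `replicas: {{ .Values.apiServer.replicaCount }}`, then `{{- end }}`. The unchanged `strategy: type: Recreate` context line also means all replicas are stopped together on a rollout, so the new default of two replicas does not by itself keep the API available during upgrades. The Deployment spec continues outside this hunk.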
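Review bot: Moving the value from `.Values.allowedOrigins` to `.Values.apiServer.allowedOrigins` (hunk `@@ -118,7 +118,7 @@` of `api.yaml`) has no fallback, so an existing install that restricted origins through the old top-level key would, after upgrading, silently pick up the new default of `"*"` and widen its CORS policy. Helm does not reject unknown top-level values, so nothing tells the operator the old key is now ignored. Either honour the old key while it is deprecated, `value: {{ join "," (.Values.allowedOrigins | default .Values.apiServer.allowedOrigins) | quote }}`, or `fail` when `.Values.allowedOrigins` is set so the migration is explicit.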
diff --git a/charts/ecosystem/values.yaml b/charts/ecosystem/values.yaml
index e8ef647..8cf7ae2 100644
--- a/charts/ecosystem/values.yaml
+++ b/charts/ecosystem/values.yaml
@@ -131,20 +131,76 @@ encryption:
 keysSecretName: ""
 #
 #
-# A list of origins that are allowed to receive responses from the Galasa API server.
-# To limit the origins to a set of domains, you can use a wildcard (*) value.
-#
-# For example, to allow all subdomains of example.com, you can use the following value:
-# allowedOrigins:
-# - "*.example.com"
-#
-# By default, all origins are allowed.
-#
-allowedOrigins:
- - "*"
+# Values to configure the API server
 #
+apiServer:
+ #
+ #
+ # The number of API server replicas to deploy. This value is overridden when autoscaling is enabled.
+ #
+ replicaCount: 2
+ #
+ #
+ # The requests and limits to apply to resources, like CPU and memory, that the API server container consumes.
+ # See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details on resource management in Kubernetes Pods.
+ #
+ # For example, to assign 2 CPU cores and 512MB of memory to the API server, with a limit of up to 3 CPU cores and 1024MB of memory:
+ # resources:
+ # requests:
+ # cpu: "2"
+ # memory: "512Mi"
+ # limits:
+ # cpu: "3"
+ # memory: "1024Mi"
+ #
+ resources: {}
+ #
+ #
+ # Values to configure autoscaling for the API server. Important: Resource requests must be defined via the `resources` value in order
+ # for autoscaling to work properly.
+ #
+ autoscaling:
+ #
+ # Enables or disables autoscaling
+ enabled: false
+ #
+ # The minimum number of API server replicas that should be deployed
+ minReplicas: 1
+ #
+ # The maximum number of API server replicas that should be deployed
+ maxReplicas: 10
+ #
+ # The target percentage of CPU utilization to consider when autoscaling.
+ # For example: `targetCPU: "50"` indicates that the autoscaler may increase the number of replicas when CPU utilization
+ # exceeds 50%. Similarly, when CPU utilization drops below 50%, the autoscaler may decrease the number of replicas.
+ targetCPUPercentageUsed: "50"
+ #
+ # The target percentage of memory utilization to consider when autoscaling.
+ # For example: `targetMemory: "50"` indicates that the autoscaler may increase the number of replicas when memory utilization
+ # exceeds 50%. Similarly, when memory utilization drops below 50%, the autoscaler may decrease the number of replicas.
+ targetMemoryPercentageUsed: "50"
+ #
+ #
+ # The Kubernetes annotations to apply to the Galasa API server's ingress resource alongside the global annotations provided via the `ingress.annotations` value.
+ # By default, a rate limit of 1000 requests from a given IP per second is applied to the API server's ingress, using the nginx ingress controller.
+ #
+ ingressAnnotations:
+ nginx.ingress.kubernetes.io/limit-rps: "1000"
+ #
+ #
+ # A list of origins that are allowed to receive responses from the Galasa API server.
+ # To limit the origins to a set of domains, you can use a wildcard (*) value.
+ #
+ # For example, to allow all subdomains of example.com, you can use the following value:
+ # allowedOrigins:
+ # - "*.example.com"
+ #
+ # By default, all origins are allowed.
+ #
+ allowedOrigins:
+ - "*"
 #
-# Values to enable and configure the use of ingress
+# Values to configure global settings applied to all ingresses
 # Note: The externalHostname value must be a valid DNS name for ingress to be used.
 #
 ingress:
@@ -161,7 +217,7 @@ ingress:
 # Optional - The name of the Secret containing root and intermediate CA certificates in a single .pem file.
 caCertSecretName: ""
- # Annotations to be added to ingresses. For example:
+ # Annotations to be added to all ingresses. For example:
 # annotations:
 # nginx.ingress.kubernetes.io/proxy-body-size: "0"
 # nginx.ingress.kubernetes.io/ssl-redirect: "true"
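Review bot: The default `nginx.ingress.kubernetes.io/limit-rps: "1000"` under `apiServer.ingressAnnotations` only takes effect when the ingress is served by the NGINX ingress controller; with a different `ingress.ingressClassName` the annotation is ignored and the API server runs with no rate limit, which the comment should state rather than imply. The limit is also keyed on the client address the controller sees, so behind a load balancer or proxy that does not pass the original address through, all callers may share a single bucket; a sentence such as `# Note: only enforced by ingress-nginx, and per client IP as seen by the controller.` would cover both. Separately, the autoscaling comments give their examples as `targetCPU: "50"` and `targetMemory: "50"`, but the keys defined below them are `targetCPUPercentageUsed` and `targetMemoryPercentageUsed`, so anyone copying the example sets a value the templates never read.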