ROX-24553: Possibility to add additional VPA recommenders #1888

Merged
merged 33 commits into from
Jul 5, 2024
63ea2e3
feat: allow deploying additional VPA recommenders
ludydoo Jun 13, 2024
ab4b5cc
fix recommender deployment runAsUser
ludydoo Jul 1, 2024
93c83fe
fix recommender deployment runAsUser
ludydoo Jul 1, 2024
b632b2b
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
51317ce
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
9f9ba14
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
d7155a8
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
cd86418
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
2a5b448
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
3af4966
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
9218672
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
7d4c101
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
505530c
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
20b375c
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
f2f1b3a
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
23a03a5
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
856f09f
don't update helm chart resources unnecessarily
ludydoo Jul 2, 2024
c66b012
fix openshift service-ca-bundle
ludydoo Jul 2, 2024
f5372e5
fix openshift service-ca-bundle
ludydoo Jul 2, 2024
8d198f1
add missing rbac permission
ludydoo Jul 2, 2024
83526b1
fix helm reconciliation
ludydoo Jul 4, 2024
f27494f
fix helm reconciliation
ludydoo Jul 4, 2024
31482a3
fix helm reconciliation
ludydoo Jul 4, 2024
81cb09d
fix helm reconciliation
ludydoo Jul 4, 2024
120ecee
fix helm reconciliation
ludydoo Jul 4, 2024
9fef2b2
fix helm reconciliation
ludydoo Jul 4, 2024
ee602ae
fix helm reconciliation
ludydoo Jul 4, 2024
0a5bb59
fix helm reconciliation
ludydoo Jul 4, 2024
ad3e30f
fix helm reconciliation
ludydoo Jul 4, 2024
83defde
fix helm reconciliation
ludydoo Jul 4, 2024
f723d2d
fix helm reconciliation
ludydoo Jul 4, 2024
826c4a6
fix helm reconciliation
ludydoo Jul 4, 2024
b794ea1
cleanup
ludydoo Jul 5, 2024
4 changes: 4 additions & 0 deletions Makefile
Expand Up @@ -750,6 +750,10 @@ deploy/route:
@oc process -f ./templates/route-template.yml --local | oc apply -f - -n $(NAMESPACE)
.PHONY: deploy/route

# This will create the redhat-pull-secret secret in the rhacs-vertical-pod-autoscaler namespace if it does not exist
deploy/redhat-pull-secret:
./scripts/redhat-pull-secret.sh rhacs-vertical-pod-autoscaler

# When making changes to the gitops configuration for development purposes
# situated here dev/env/manifests/fleet-manager/04-gitops-config.yaml, this
# target will update the gitops configmap on the dev cluster.
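Review bot: The new `deploy/redhat-pull-secret` target has no `.PHONY` declaration, while `deploy/route` directly above it is followed by `.PHONY: deploy/route`. Add `.PHONY: deploy/redhat-pull-secret` after the recipe so the target always runs and matches its neighbour. The namespace `rhacs-vertical-pod-autoscaler` is hard-coded in the recipe, and `./scripts/redhat-pull-secret.sh` is not part of this section, so how the script obtains and stores the registry credential cannot be reviewed from here.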
24 changes: 24 additions & 0 deletions dev/config/gitops-config.yaml
Expand Up @@ -7,6 +7,18 @@ rhacsOperators:
image: "quay.io/rhacs-eng/stackrox-operator:4.4.2"
centralLabelSelector: "rhacs.redhat.com/version-selector=4.4.2"
securedClusterReconcilerEnabled: false
verticalPodAutoscaling:
recommenders:
- image: registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:d268de83bd371a725c0d0dad8a48008afa982c10e2997b24ff6d139d90d964f6
name: vpa-1
imagePullSecrets: [{ name: redhat-pull-secret }]
recommendationMarginFraction: 0.30
podRecommendationMinCpuMillicores: 10
- image: registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:d268de83bd371a725c0d0dad8a48008afa982c10e2997b24ff6d139d90d964f6
name: vpa-2
imagePullSecrets: [{ name: redhat-pull-secret }]
recommendationMarginFraction: 0.30
podRecommendationMinCpuMillicores: 20
tenantResources:
default: |
labels:
Expand All @@ -22,6 +34,18 @@ tenantResources:
verticalPodAutoscalers:
central:
enabled: true
updatePolicy:
updateMode: "Auto"
minReplicas: 1
resourcePolicy:
containerPolicies:
- containerName: "*"
minAllowed:
cpu: "100m"
memory: "50Mi"
maxAllowed:
cpu: "1"
memory: "2Gi"
centrals:
overrides:
- instanceIds:
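Review bot: The `verticalPodAutoscalers.central` block added in the second hunk does not name either recommender (`vpa-1`, `vpa-2`) that the first hunk adds, so these lines do not show which recommender, if any, produces the recommendations for central. If the tenant chart accepts a recommender selection per VPA, set it here; otherwise add a comment stating which one applies. A comment on the two entries would also help, since they differ only in `name` and `podRecommendationMinCpuMillicores` (10 and 20), for example `# two recommenders with different CPU floors, to exercise recommender selection in dev` if that is the intent. With `updateMode: "Auto"` and `minReplicas: 1`, a single-replica central can be evicted to apply a recommendation, which deserves a one-line comment as well.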
6 changes: 5 additions & 1 deletion dev/env/scripts/bootstrap.sh
Expand Up @@ -49,7 +49,11 @@ else
log "Skipping installation of Vertical Pod Autoscaler"
fi

apply "${MANIFESTS_DIR}/monitoring"
# skip manifests if openshift cluster using is_openshift_cluster
if ! is_openshift_cluster "$CLUSTER_TYPE"; then
apply "${MANIFESTS_DIR}/monitoring"
fi

apply "${MANIFESTS_DIR}/addons"

if is_local_cluster "$CLUSTER_TYPE"; then
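Review bot: The added comment `# skip manifests if openshift cluster using is_openshift_cluster` restates the condition and does not say why the monitoring manifests are left out on OpenShift. Replace it with the reason, for example `# OpenShift clusters already run their own monitoring stack, so only apply ours elsewhere`, if that is the reason. The surrounding script starts and ends outside the hunk.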
2 changes: 2 additions & 0 deletions dev/env/scripts/up.sh
Expand Up @@ -54,6 +54,8 @@ if ! is_openshift_cluster "$CLUSTER_TYPE"; then
$KUBECTL -n "$ACSCS_NAMESPACE" create secret generic fleet-manager-tls 2> /dev/null || true
$KUBECTL -n "$ACSCS_NAMESPACE" create secret generic fleet-manager-envoy-tls 2> /dev/null || true
$KUBECTL -n "$ACSCS_NAMESPACE" create secret generic fleet-manager-active-tls 2> /dev/null || true
# Create the redhat-pull-secret in the rhacs-vertical-pod-autoscaler namespace
make -C "$GITROOT" deploy/redhat-pull-secret
fi

log "Deploying fleet-manager"
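Review bot: The `make -C "$GITROOT" deploy/redhat-pull-secret` call sits inside the `if ! is_openshift_cluster` branch, so on an OpenShift dev cluster this script never creates the secret that dev/config/gitops-config.yaml lists under `imagePullSecrets`. If that is deliberate, extend the comment to say so, for example `# OpenShift pulls from registry.redhat.io with the cluster pull secret, so this is only needed elsewhere` (to be confirmed by the author). Unlike the three `create secret` lines above it, which end in `2> /dev/null || true`, a failure of this call is not suppressed; whether that aborts up.sh depends on shell options set outside the hunk. The `if` block opens above the hunk.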
11 changes: 2 additions & 9 deletions fleetshard/pkg/central/charts/charts_test.go
Expand Up @@ -9,7 +9,6 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
ctrlClient "sigs.k8s.io/controller-runtime/pkg/client"

"helm.sh/helm/v3/pkg/chart/loader"
"helm.sh/helm/v3/pkg/chartutil"

"github.com/stretchr/testify/assert"
Expand Down Expand Up @@ -41,10 +40,7 @@ func TestTenantResourcesChart(t *testing.T) {
}

func TestInstallOrUpdateChartCreateNew(t *testing.T) {
chartFiles, err := TraverseChart(testdata, "testdata/test-chart")
require.NoError(t, err)
chart, err := loader.LoadFiles(chartFiles)
require.NoError(t, err)
chart := mustGetChart(t, "test-chart")
fakeClient := testutils.NewFakeClientBuilder(t).Build()
ctx := context.Background()

Expand All @@ -70,10 +66,7 @@ func TestInstallOrUpdateChartCreateNew(t *testing.T) {
}

func TestInstallOrUpdateChartUpdateExisting(t *testing.T) {
chartFiles, err := TraverseChart(testdata, "testdata/test-chart")
require.NoError(t, err)
chart, err := loader.LoadFiles(chartFiles)
require.NoError(t, err)
chart := mustGetChart(t, "test-chart")
fakeClient := testutils.NewFakeClientBuilder(t, dummyDeployment).Build()
ctx := context.Background()

@@ -0,0 +1,6 @@
apiVersion: v2
name: rhacs-vertical-pod-autoscaler
description: A Helm chart for Kubernetes
type: application
version: 0.0.0
appVersion: "0.0.0"
@@ -0,0 +1,58 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: proxy-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: "rhacs-vpa-recommender"
app.kubernetes.io/instance: {{ $.Release.Name | quote }}
app.kubernetes.io/version: {{ $.Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ $.Release.Service | quote }}
helm.sh/chart: "{{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_"}}"
meta.helm.sh/release-name: {{ $.Release.Name | quote }}
meta.helm.sh/release-namespace: {{ $.Release.Namespace | quote }}
data:
server.js: |

/**
* On openshift, prometheus has a kube-rbac-proxy that requires a token to access the metrics endpoint.
* VerticalPodAutoscaler recommenders don't support a token-based authentication.
* This proxy is a simple http server that forwards requests to the prometheus metrics endpoint with the token.
**/

const http = require('http');
const https = require('https');
const fs = require('fs');
const os = require('os');

const TOKEN_PATH = process.env.TOKEN_PATH || '/var/run/secrets/kubernetes.io/serviceaccount/token'
const UPSTREAM_PROTOCOL = process.env.UPSTREAM_PROTOCOL || 'http'
const UPSTREAM_HOST = process.env.UPSTREAM_HOST
const UPSTREAM_PORT = process.env.UPSTREAM_PORT
const LISTEN_PORT = process.env.LISTEN_PORT || "9000"

function onRequest(req, res) {
const secret = fs.readFileSync(TOKEN_PATH, 'utf8');
const options = {
hostname: UPSTREAM_HOST,
port: UPSTREAM_PORT,
path: req.url,
method: req.method,
protocol: UPSTREAM_PROTOCOL + ':',
headers: {
...req.headers,
'authorization': 'Bearer ' + secret,
'host': UPSTREAM_HOST
},
changeOrigin: true
};
const fn = options.protocol === 'https:' ? https : http;
const proxy = fn.request(options, function (r) {
res.writeHead(r.statusCode, r.headers);
r.pipe(res, {end: true});
});
req.pipe(proxy, {end: true});
}

http.createServer(onRequest).listen(LISTEN_PORT, '0.0.0.0');
console.log('Proxying on port 9000')