From 9b4eb802464d4f4127482b69f2b245250ab77982 Mon Sep 17 00:00:00 2001
From: velotioaastha <aastha.gupta@velotio.com>
Date: Mon, 8 Jul 2024 18:54:55 -0400
Subject: [PATCH 1/2] Implement autoscaling in Kubernetes for Terraform EKS

---
 deployment-size.tf                | 50 ++++++++++++++++++-------------
 main.tf                           | 34 +++++++++++----------
 modules/app_eks/add-ons.tf        | 38 +++++++++++------------
 modules/app_eks/iam-policies.tf   |  4 +--
 modules/app_eks/iam-roles.tf      |  8 ++---
 modules/app_eks/main.tf           |  4 +--
 modules/app_eks/variables.tf      | 12 ++++++++
 modules/app_lb/outputs.tf         |  4 +--
 modules/database/main.tf          |  2 +-
 modules/endpoint/main.tf          | 10 +++----
 modules/endpoint/variables.tf     | 10 +++----
 modules/iam_role/main.tf          | 14 ++++-----
 modules/iam_role/variables.tf     |  2 +-
 modules/private_link/main.tf      | 10 +++----
 modules/private_link/variables.tf |  4 +--
 variables.tf                      | 24 +++++++++++----
 16 files changed, 133 insertions(+), 97 deletions(-)

diff --git a/deployment-size.tf b/deployment-size.tf
index f6aedbe6..68f80dd0 100644
--- a/deployment-size.tf
+++ b/deployment-size.tf
@@ -6,34 +6,44 @@
 locals {
   deployment_size = {
     small = {
-      db            = "db.r6g.large",
-      node_count    = 2,
-      node_instance = "r6i.xlarge"
-      cache         = "cache.m6g.large"
+      db             = "db.r6g.large",
+      node_count     = 2,
+      node_instance  = "r6i.xlarge",
+      cache          = "cache.m6g.large",
+      min_node_count = 1,
+      max_node_count = 3
     },
     medium = {
-      db            = "db.r6g.xlarge",
-      node_count    = 2,
-      node_instance = "r6i.xlarge"
-      cache         = "cache.m6g.large"
+      db             = "db.r6g.xlarge",
+      node_count     = 2,
+      node_instance  = "r6i.xlarge",
+      cache          = "cache.m6g.large",
+      min_node_count = 1,
+      max_node_count = 4
     },
     large = {
-      db            = "db.r6g.2xlarge",
-      node_count    = 2,
-      node_instance = "r6i.2xlarge"
-      cache         = "cache.m6g.xlarge"
+      db             = "db.r6g.2xlarge",
+      node_count     = 2,
+      node_instance  = "r6i.2xlarge",
+      cache          = "cache.m6g.xlarge",
+      min_node_count = 2,
+      max_node_count = 6
     },
     xlarge = {
-      db            = "db.r6g.4xlarge",
-      node_count    = 3,
-      node_instance = "r6i.2xlarge"
-      cache         = "cache.m6g.xlarge"
+      db             = "db.r6g.4xlarge",
+      node_count     = 3,
+      node_instance  = "r6i.2xlarge",
+      cache          = "cache.m6g.xlarge",
+      min_node_count = 2,
+      max_node_count = 8
     },
     xxlarge = {
-      db            = "db.r6g.8xlarge",
-      node_count    = 3,
-      node_instance = "r6i.4xlarge"
-      cache         = "cache.m6g.2xlarge"
+      db             = "db.r6g.8xlarge",
+      node_count     = 3,
+      node_instance  = "r6i.4xlarge",
+      cache          = "cache.m6g.2xlarge",
+      min_node_count = 3,
+      max_node_count = 10
     }
   }
 }
\ No newline at end of file
diff --git a/main.tf b/main.tf
index dfd091ec..3a4ec1e2 100644
--- a/main.tf
+++ b/main.tf
@@ -128,6 +128,8 @@ module "app_eks" {
 
   instance_types   = try([local.deployment_size[var.size].node_instance], var.kubernetes_instance_types)
   desired_capacity = try(local.deployment_size[var.size].node_count, var.kubernetes_node_count)
+  min_capacity     = try(local.deployment_size[var.size].min_node_count, var.min_node_count)
+  max_capacity     = try(local.deployment_size[var.size].max_node_count, var.max_node_count)
   map_accounts     = var.kubernetes_map_accounts
   map_roles        = var.kubernetes_map_roles
   map_users        = var.kubernetes_map_users
@@ -370,12 +372,12 @@ module "wandb" {
 
       # To support otel rds and redis metrics need operator-wandb chart minimum version 0.13.8 ( yace subchart)
       yace = var.enable_yace ? {
-        install = true
-        regions =  [data.aws_region.current.name]
-        serviceAccount = { annotations = { "eks.amazonaws.com/role-arn" = module.iam_role[0].role_arn} }
-      } : {
-        install = false
-        regions = []
+        install        = true
+        regions        = [data.aws_region.current.name]
+        serviceAccount = { annotations = { "eks.amazonaws.com/role-arn" = module.iam_role[0].role_arn } }
+        } : {
+        install        = false
+        regions        = []
         serviceAccount = {}
       }
 
@@ -386,13 +388,13 @@ module "wandb" {
               prometheus = {
                 config = {
                   scrape_configs = [
-                    { job_name = "yace"
-                      scheme = "http"
-                      metrics_path =  "/metrics"
+                    { job_name     = "yace"
+                      scheme       = "http"
+                      metrics_path = "/metrics"
                       dns_sd_configs = [
                         { names = ["yace"]
-                          type = "A"
-                          port = 5000
+                          type  = "A"
+                          port  = 5000
                         }
                       ]
                     }
@@ -408,11 +410,11 @@ module "wandb" {
               }
             }
           }
-        } : { config = {
-                receivers = {}
-                service   = {}
-              }
-            }
+          } : { config = {
+            receivers = {}
+            service   = {}
+          }
+        }
       }
 
       mysql = { install = false }
diff --git a/modules/app_eks/add-ons.tf b/modules/app_eks/add-ons.tf
index 56503d6c..19f2ce56 100644
--- a/modules/app_eks/add-ons.tf
+++ b/modules/app_eks/add-ons.tf
@@ -32,43 +32,43 @@ resource "aws_iam_role" "oidc" {
 ### add-ons for eks version 1.28
 
 resource "aws_eks_addon" "aws_efs_csi_driver" {
-   depends_on = [
-     aws_eks_addon.vpc_cni
-   ]
-   cluster_name               = var.namespace
-   addon_name                 = "aws-efs-csi-driver"
-   addon_version              = "v2.0.4-eksbuild.1"
-   resolve_conflicts          = "OVERWRITE"
+  depends_on = [
+    aws_eks_addon.vpc_cni
+  ]
+  cluster_name      = var.namespace
+  addon_name        = "aws-efs-csi-driver"
+  addon_version     = "v2.0.4-eksbuild.1"
+  resolve_conflicts = "OVERWRITE"
 }
 
 resource "aws_eks_addon" "aws_ebs_csi_driver" {
   depends_on = [
     aws_eks_addon.vpc_cni
   ]
-  cluster_name                = var.namespace
-  addon_name                  = "aws-ebs-csi-driver"
-  addon_version               = "v1.31.0-eksbuild.1"
-  resolve_conflicts           = "OVERWRITE"
+  cluster_name      = var.namespace
+  addon_name        = "aws-ebs-csi-driver"
+  addon_version     = "v1.31.0-eksbuild.1"
+  resolve_conflicts = "OVERWRITE"
 }
 
 resource "aws_eks_addon" "coredns" {
   depends_on = [
     aws_eks_addon.vpc_cni
   ]
-  cluster_name                = var.namespace
-  addon_name                  = "coredns"
-  addon_version               = "v1.10.1-eksbuild.11"
-  resolve_conflicts           = "OVERWRITE"
+  cluster_name      = var.namespace
+  addon_name        = "coredns"
+  addon_version     = "v1.10.1-eksbuild.11"
+  resolve_conflicts = "OVERWRITE"
 }
 
 resource "aws_eks_addon" "kube_proxy" {
   depends_on = [
     aws_eks_addon.vpc_cni
   ]
-  cluster_name                = var.namespace
-  addon_name                  = "kube-proxy"
-  addon_version               = "v1.28.8-eksbuild.5"
-  resolve_conflicts           = "OVERWRITE"
+  cluster_name      = var.namespace
+  addon_name        = "kube-proxy"
+  addon_version     = "v1.28.8-eksbuild.5"
+  resolve_conflicts = "OVERWRITE"
 }
 
 resource "aws_eks_addon" "vpc_cni" {
diff --git a/modules/app_eks/iam-policies.tf b/modules/app_eks/iam-policies.tf
index 6ce0528a..f5e3d134 100644
--- a/modules/app_eks/iam-policies.tf
+++ b/modules/app_eks/iam-policies.tf
@@ -53,8 +53,8 @@ resource "aws_iam_policy" "irsa" {
     Version = "2012-10-17"
     Statement = [
       {
-        Effect   = "Allow"
-        Action   = [
+        Effect = "Allow"
+        Action = [
           "s3:*",
           "kms:*",
         ]
diff --git a/modules/app_eks/iam-roles.tf b/modules/app_eks/iam-roles.tf
index 9654b4ce..fd2dfc4d 100644
--- a/modules/app_eks/iam-roles.tf
+++ b/modules/app_eks/iam-roles.tf
@@ -8,15 +8,15 @@ resource "aws_iam_role" "node" {
 resource "aws_iam_role" "irsa" {
   name = "${var.namespace}-irsa-role"
   assume_role_policy = jsonencode({
-    Version   = "2012-10-17"
+    Version = "2012-10-17"
     Statement = [
       {
-        Sid       = ""
-        Effect    = "Allow"
+        Sid    = ""
+        Effect = "Allow"
         Principal = {
           Federated = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${aws_iam_openid_connect_provider.eks.url}"
         }
-        Action    = "sts:AssumeRoleWithWebIdentity"
+        Action = "sts:AssumeRoleWithWebIdentity"
         Condition = {
           StringLike = {
             "${aws_iam_openid_connect_provider.eks.url}:sub" = "system:serviceaccount:${var.namespace}:*"
diff --git a/modules/app_eks/main.tf b/modules/app_eks/main.tf
index 9210ad9d..1e1ec60e 100644
--- a/modules/app_eks/main.tf
+++ b/modules/app_eks/main.tf
@@ -55,10 +55,10 @@ module "eks" {
       iam_role_arn                         = aws_iam_role.node.arn,
       instance_types                       = var.instance_types,
       kubelet_extra_args                   = local.system_reserved != "" ? "--system-reserved=${local.system_reserved}" : "",
-      max_capacity                         = 5,
+      max_capacity                         = var.max_capacity,
       metadata_http_put_response_hop_limit = 2
       metadata_http_tokens                 = "required",
-      min_capacity                         = var.desired_capacity,
+      min_capacity                         = var.min_capacity,
       version                              = var.cluster_version,
     }
   }
diff --git a/modules/app_eks/variables.tf b/modules/app_eks/variables.tf
index 64e6df6e..392dccb4 100644
--- a/modules/app_eks/variables.tf
+++ b/modules/app_eks/variables.tf
@@ -122,6 +122,18 @@ variable "desired_capacity" {
   default     = 2
 }
 
+variable "min_capacity" {
+  description = "Minimum number of worker nodes."
+  type        = number
+  default     = 1
+}
+
+variable "max_capacity" {
+  description = "Maximum number of worker nodes."
+  type        = number
+  default     = 6
+}
+
 variable "system_reserved_cpu_millicores" {
   description = "(Optional) The amount of 'system-reserved' CPU millicores to pass to the kubelet. For example: 100.  A value of -1 disables the flag."
   type        = number
diff --git a/modules/app_lb/outputs.tf b/modules/app_lb/outputs.tf
index 20724c32..6f8fa61f 100644
--- a/modules/app_lb/outputs.tf
+++ b/modules/app_lb/outputs.tf
@@ -15,9 +15,9 @@ output "tg_app_arn" {
 }
 
 output "alb_name" {
-value =  aws_lb.alb.arn
+  value = aws_lb.alb.arn
 }
 
 output "nlb_security_group" {
-  value = var.enable_private_only_traffic? aws_security_group.inbound_private[0].id : null
+  value = var.enable_private_only_traffic ? aws_security_group.inbound_private[0].id : null
 }
\ No newline at end of file
diff --git a/modules/database/main.tf b/modules/database/main.tf
index c5d7b8bb..f60e984d 100644
--- a/modules/database/main.tf
+++ b/modules/database/main.tf
@@ -9,7 +9,7 @@ resource "random_string" "master_password" {
 }
 
 locals {
-  engine_version_tag     = "80" 
+  engine_version_tag     = "80"
   parameter_family       = "aurora-mysql8.0"
   parameter_group_name   = "${var.namespace}-aurora-db-${local.engine_version_tag}-parameter-group"
   parameter_cluster_name = "${var.namespace}-aurora-${local.engine_version_tag}-cluster-parameter-group"
diff --git a/modules/endpoint/main.tf b/modules/endpoint/main.tf
index dc64c71c..2c8ebe6b 100644
--- a/modules/endpoint/main.tf
+++ b/modules/endpoint/main.tf
@@ -1,9 +1,9 @@
 resource "aws_vpc_endpoint" "default" {
-  vpc_id              = var.network_id
-  service_name        = var.service_name
-  vpc_endpoint_type   = "Gateway" 
-  auto_accept = true
-  route_table_ids  = var.private_route_table_id
+  vpc_id            = var.network_id
+  service_name      = var.service_name
+  vpc_endpoint_type = "Gateway"
+  auto_accept       = true
+  route_table_ids   = var.private_route_table_id
 
   policy = <<POLICY
 {
diff --git a/modules/endpoint/variables.tf b/modules/endpoint/variables.tf
index ed3fe06d..36a3f9e4 100644
--- a/modules/endpoint/variables.tf
+++ b/modules/endpoint/variables.tf
@@ -1,14 +1,14 @@
 variable "network_id" {
-   type = string
-   description = "ID of the network (VPC) where infrastructure resources will be deployed."
- }
+  type        = string
+  description = "ID of the network (VPC) where infrastructure resources will be deployed."
+}
 
 variable "private_route_table_id" {
-  type = list(string)
+  type        = list(string)
   description = "Private route table ID within the specified network (VPC) where resources will be deployed"
 }
 
 variable "service_name" {
-  type = string
+  type        = string
   description = "Name of the service or vpc endpoint"
 }
\ No newline at end of file
diff --git a/modules/iam_role/main.tf b/modules/iam_role/main.tf
index 68005c22..42c15c0c 100644
--- a/modules/iam_role/main.tf
+++ b/modules/iam_role/main.tf
@@ -3,15 +3,15 @@ data "aws_caller_identity" "current" {}
 resource "aws_iam_role" "irsa" {
   name = "${var.namespace}-yace-irsa-role"
   assume_role_policy = jsonencode({
-    Version   = "2012-10-17"
+    Version = "2012-10-17"
     Statement = [
       {
-        Sid       = ""
-        Effect    = "Allow"
+        Sid    = ""
+        Effect = "Allow"
         Principal = {
           Federated = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${var.aws_iam_openid_connect_provider_url}"
         }
-        Action    = ["sts:AssumeRoleWithWebIdentity"]
+        Action = ["sts:AssumeRoleWithWebIdentity"]
         Condition = {
           StringLike = {
             "${var.aws_iam_openid_connect_provider_url}:sub" = "system:serviceaccount:default:${var.yace_sa_name}"
@@ -27,13 +27,13 @@ resource "aws_iam_role" "irsa" {
 resource "aws_iam_policy" "irsa" {
   name        = "${var.namespace}-yace-irsa-policy"
   description = "IRSA IAM Policy"
-  
+
   policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
       {
-        Effect   = "Allow"
-        Action   = [
+        Effect = "Allow"
+        Action = [
           "tag:GetResources",
           "cloudwatch:GetMetricData",
           "cloudwatch:GetMetricStatistics",
diff --git a/modules/iam_role/variables.tf b/modules/iam_role/variables.tf
index d14948e5..8a53ab43 100644
--- a/modules/iam_role/variables.tf
+++ b/modules/iam_role/variables.tf
@@ -4,7 +4,7 @@ variable "namespace" {
 }
 
 variable "aws_iam_openid_connect_provider_url" {
-  type        = string
+  type = string
 }
 
 variable "yace_sa_name" {
diff --git a/modules/private_link/main.tf b/modules/private_link/main.tf
index bb2989c0..ed68098d 100644
--- a/modules/private_link/main.tf
+++ b/modules/private_link/main.tf
@@ -1,6 +1,6 @@
 locals {
   max_lb_name_length = 32 - length("-nlb")
-  lb_name_truncated  = var.enable_private_only_traffic ?  "${substr(var.namespace, 0, local.max_lb_name_length)}-private-link-nlb" : "${substr(var.namespace, 0, local.max_lb_name_length)}-nlb"
+  lb_name_truncated  = var.enable_private_only_traffic ? "${substr(var.namespace, 0, local.max_lb_name_length)}-private-link-nlb" : "${substr(var.namespace, 0, local.max_lb_name_length)}-nlb"
 }
 
 resource "aws_lb" "nlb" {
@@ -9,10 +9,10 @@ resource "aws_lb" "nlb" {
   load_balancer_type         = "network"
   subnets                    = var.network_private_subnets
   enable_deletion_protection = var.deletion_protection
-  security_groups = var.enable_private_only_traffic ? [var.nlb_security_group] : []
-lifecycle {
-  create_before_destroy = true
-}
+  security_groups            = var.enable_private_only_traffic ? [var.nlb_security_group] : []
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "aws_lb_target_group" "nlb" {
diff --git a/modules/private_link/variables.tf b/modules/private_link/variables.tf
index a5524f2d..a4f22308 100644
--- a/modules/private_link/variables.tf
+++ b/modules/private_link/variables.tf
@@ -29,8 +29,8 @@ variable "vpc_id" {
 }
 
 variable "enable_private_only_traffic" {
-  type        = bool
+  type = bool
 }
 variable "nlb_security_group" {
-  type        = string
+  type = string
 }
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 2f9aacc6..60e51e51 100644
--- a/variables.tf
+++ b/variables.tf
@@ -271,13 +271,13 @@ variable "allowed_private_endpoint_cidr" {
   description = "Private CIDRs allowed to access wandb-server."
   nullable    = false
   type        = list(string)
-  default = []
+  default     = []
 }
 
 variable "private_only_traffic" {
   description = "Enable private only traffic from customer private network"
-  type = bool
-  default = false
+  type        = bool
+  default     = false
 }
 
 ##########################################
@@ -351,6 +351,18 @@ variable "kubernetes_node_count" {
   default     = 2
 }
 
+variable "min_node_count" {
+  description = "Number of nodes"
+  type        = number
+  default     = 1
+}
+
+variable "max_node_count" {
+  description = "Number of nodes"
+  type        = number
+  default     = 6
+}
+
 variable "eks_policy_arns" {
   type        = list(string)
   description = "Additional IAM policy to apply to the EKS cluster"
@@ -456,12 +468,12 @@ variable "parquet_wandb_env" {
 }
 
 variable "enable_yace" {
-  type = bool
+  type        = bool
   description = "deploy yet another cloudwatch exporter to fetch aws resources metrics"
-  default = true
+  default     = true
 }
 
 variable "yace_sa_name" {
-  type = string
+  type    = string
   default = "wandb-yace"
 }
\ No newline at end of file

From 0d5bc824fa055d703ffffd28253aec71165d14af Mon Sep 17 00:00:00 2001
From: velotioaastha <aastha.gupta@velotio.com>
Date: Tue, 9 Jul 2024 16:55:49 -0400
Subject: [PATCH 2/2] Implement autoscaling in Kubernetes for Terraform EKS

---
 deployment-size.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/deployment-size.tf b/deployment-size.tf
index 68f80dd0..8dce5edd 100644
--- a/deployment-size.tf
+++ b/deployment-size.tf
@@ -18,8 +18,8 @@ locals {
       node_count     = 2,
       node_instance  = "r6i.xlarge",
       cache          = "cache.m6g.large",
-      min_node_count = 1,
-      max_node_count = 4
+      min_node_count = 2,
+      max_node_count = 5
     },
     large = {
       db             = "db.r6g.2xlarge",