From 8bbdb542de539401d8e5b5ba366baa86d303bdf9 Mon Sep 17 00:00:00 2001 
From: Martin Hrabovcin Date: Mon, 9 Mar 2020 17:41:24 +0100 Subject: [PATCH] cluster-autoscaler: initial commit (#496) --- stable/cluster-autoscaler/.helmignore | 21 ++ stable/cluster-autoscaler/Chart.yaml | 14 + stable/cluster-autoscaler/OWNERS | 4 + stable/cluster-autoscaler/README.md | 331 ++++++++++++++++++ stable/cluster-autoscaler/templates/NOTES.txt | 18 + .../cluster-autoscaler/templates/_helpers.tpl | 84 +++++ .../templates/clusterrole.yaml | 146 ++++++++ .../templates/clusterrolebinding.yaml | 16 + .../templates/deployment.yaml | 213 +++++++++++ stable/cluster-autoscaler/templates/pdb.yaml | 13 + .../templates/podsecuritypolicy.yaml | 46 +++ stable/cluster-autoscaler/templates/role.yaml | 25 ++ .../templates/rolebinding.yaml | 16 + .../cluster-autoscaler/templates/secret.yaml | 20 ++ .../cluster-autoscaler/templates/service.yaml | 33 ++ .../templates/serviceaccount.yaml | 11 + .../templates/servicemonitor.yaml | 24 ++ stable/cluster-autoscaler/values.yaml | 203 +++++++++++ 18 files changed, 1238 insertions(+) create mode 100644 stable/cluster-autoscaler/.helmignore create mode 100644 stable/cluster-autoscaler/Chart.yaml create mode 100644 stable/cluster-autoscaler/OWNERS create mode 100644 stable/cluster-autoscaler/README.md create mode 100644 stable/cluster-autoscaler/templates/NOTES.txt create mode 100644 stable/cluster-autoscaler/templates/_helpers.tpl create mode 100644 stable/cluster-autoscaler/templates/clusterrole.yaml create mode 100644 stable/cluster-autoscaler/templates/clusterrolebinding.yaml create mode 100644 stable/cluster-autoscaler/templates/deployment.yaml create mode 100644 stable/cluster-autoscaler/templates/pdb.yaml create mode 100644 stable/cluster-autoscaler/templates/podsecuritypolicy.yaml create mode 100644 stable/cluster-autoscaler/templates/role.yaml create mode 100644 stable/cluster-autoscaler/templates/rolebinding.yaml create mode 100644 stable/cluster-autoscaler/templates/secret.yaml create mode 100644 
stable/cluster-autoscaler/templates/service.yaml create mode 100644 stable/cluster-autoscaler/templates/serviceaccount.yaml create mode 100644 stable/cluster-autoscaler/templates/servicemonitor.yaml create mode 100644 stable/cluster-autoscaler/values.yaml
diff --git a/stable/cluster-autoscaler/.helmignore b/stable/cluster-autoscaler/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/stable/cluster-autoscaler/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/stable/cluster-autoscaler/Chart.yaml b/stable/cluster-autoscaler/Chart.yaml
new file mode 100644
index 000000000..b9a30f99a
--- /dev/null
+++ b/stable/cluster-autoscaler/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+description: Scales worker nodes within autoscaling groups.
+icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
+name: cluster-autoscaler
+version: 7.1.0
+appVersion: 1.17.1
+home: https://github.com/kubernetes/autoscaler
+sources:
+- https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler
+- https://github.com/spotinst/kubernetes-autoscaler/tree/master/cluster-autoscaler
+maintainers:
+- name: mhrabovcin
+ email: mhrabovcin.c@d2iq.com
+engine: gotpl
diff --git a/stable/cluster-autoscaler/OWNERS b/stable/cluster-autoscaler/OWNERS
new file mode 100644
index 000000000..3261178b7
--- /dev/null
+++ b/stable/cluster-autoscaler/OWNERS
@@ -0,0 +1,4 @@
+approvers:
+- yurrriq
+reviewers:
+- yurrriq
diff --git a/stable/cluster-autoscaler/README.md b/stable/cluster-autoscaler/README.md
new file mode 100644
index 000000000..f1c9c4085
--- /dev/null
+++ b/stable/cluster-autoscaler/README.md
@@ -0,0 +1,331 @@ +# cluster-autoscaler + +[The cluster autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler) scales worker nodes within an AWS autoscaling group (ASG) or Spotinst Elastigroup. + +Cluster Autoscaler version: **v1.17.1** + +## TL;DR: + +```console +$ helm install stable/cluster-autoscaler --name my-release --set "autoscalingGroups[0].name=your-asg-name,autoscalingGroups[0].maxSize=10,autoscalingGroups[0].minSize=1" +``` + +## Introduction + +This chart bootstraps a cluster-autoscaler deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + + - Kubernetes 1.8+ +> [older versions](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler#releases) may work by overriding the `image`. Cluster-autoscaler internally simulates the scheduler and bugs between mismatched versions may be subtle. + - Azure AKS specific Prerequisites: + - Kubernetes 1.10+ with RBAC-enabled + +## Upgrading from <2.X + +In order to upgrade to chart version to 2.X from 1.X or 0.X, deleting the old helm release first is required. + +```console +$ helm del --purge my-release +``` + +Once the old release is deleted, the new 2.X release can be installed using the standard instructions. +Note that autoscaling will not occur during the time between deletion and installation. + +## Upgrading from 4.X to 5.X + +In order to upgrade to chart version 5.X from <=4.X, deleting the old helm release first is required. + +```console +$ helm del --purge my-release +``` + +Once the old release is deleted, the new 5.X release can be installed using the standard instructions. +Note that autoscaling will not occur during the time between deletion and installation. + +## Installing the Chart + +**By default, no deployment is created and nothing will autoscale**. + +You must provide some minimal configuration, either to specify instance groups or enable auto-discovery. 
It is not recommended to do both. + +Either: + - set `autoDiscovery.clusterName` and tag your autoscaling groups appropriately (`--cloud-provider=aws` only) **or** + - set at least one ASG as an element in the `autoscalingGroups` array with its three values: `name`, `minSize` and `maxSize`. + +To install the chart with the release name `my-release`: + +### Using auto-discovery of tagged instance groups + +#### AWS + +Auto-discovery finds ASGs tags as below and automatically manages them based on the min and max size specified in the ASG. `cloudProvider=aws` only. + +1) tag the ASGs with keys to match `.Values.autoDiscovery.tags`, by default: `k8s.io/cluster-autoscaler/enabled` and `k8s.io/cluster-autoscaler/` +2) verify the [IAM Permissions](#iam) +3) set `autoDiscovery.clusterName=` +4) set `awsRegion=` +5) set `awsAccessKeyID=` and `awsSecretAccessKey=` if you want to [use AWS credentials directly instead of an instance role](https://github.com/kubernetes/autoscaler/blob/5ac706fdfa5601348f33d5b634e62de6655bb9bf/cluster-autoscaler/cloudprovider/aws/README.md#using-aws-credentials) + +```console +$ helm install stable/cluster-autoscaler --name my-release --set autoDiscovery.clusterName= +``` + +The [auto-discovery](#auto-discovery) section provides more details and examples + +#### GCE +##### Required parameters +- `autoDiscovery.clusterName=any-name` +- `--cloud-provider=gce` +- `autoscalingGroupsnamePrefix[0].name=your-ig-prefix,autoscalingGroupsnamePrefix[0].maxSize=10,autoscalingGroupsnamePrefix[0].minSize=1` + +To use Managed Instance Group (MIG) auto-discovery, provide a YAML file setting `autoscalingGroupsnamePrefix` (see values.yaml) or use `--set` when installing the Chart - e.g. 
+ +```console +$ helm install stable/cluster-autoscaler \ +--name my-release \ +--set autoDiscovery.clusterName= \ +--set cloudProvider=gce \ +--set "autoscalingGroupsnamePrefix[0].name=your-ig-prefix,autoscalingGroupsnamePrefix[0].maxSize=10,autoscalingGroupsnamePrefix[0].minSize=1" +``` + +Note that `your-ig-prefix` should be a _prefix_ matching one or more MIGs, and _not_ the full name of the MIG. For example, to match multiple instance groups - `k8s-node-group-a-standard`, `k8s-node-group-b-gpu`, you would use a prefix of `k8s-node-group-`. + +In the event you want to explicitly specify MIGs instead of using auto-discovery, set members of the `autoscalingGroups` array directly - e.g. + +``` +# where 'n' is the index, starting at 0 +-- set autoscalingGroups[n].name=https://content.googleapis.com/compute/v1/projects/$PROJECTID/zones/$ZONENAME/instanceGroupManagers/$FULL-MIG-NAME,autoscalingGroups[n].maxSize=$MAXSIZE,autoscalingGroups[n].minSize=$MINSIZE +``` + +#### Azure AKS +##### Required Parameters +- `cloudProvider=azure` +- `autoscalingGroups[0].name=your-agent-pool,autoscalingGroups[0].maxSize=10,autoscalingGroups[0].minSize=1` +- `azureClientID: "your-service-principal-app-id"` +- `azureClientSecret: "your-service-principal-client-secret"` +- `azureSubscriptionID: "your-azure-subscription-id"` +- `azureTenantID: "your-azure-tenant-id"` +- `azureClusterName: "your-aks-cluster-name"` +- `azureResourceGroup: "your-aks-cluster-resource-group-name"` +- `azureVMType: "AKS"` +- `azureNodeResourceGroup: "your-aks-cluster-node-resource-group"` + + +### Specifying groups manually (only aws) + +Without autodiscovery, specify an array of elements each containing ASG name, min size, max size. The sizes specified here will be applied to the ASG, assuming IAM permissions are correctly configured. 
+ +1) verify the [IAM Permissions](#iam) +2) Either provide a yaml file setting `autoscalingGroups` (see values.yaml) or use `--set` e.g.: + +```console +$ helm install stable/cluster-autoscaler --name my-release --set "autoscalingGroups[0].name=your-asg-name,autoscalingGroups[0].maxSize=10,autoscalingGroups[0].minSize=1" +``` + +## Uninstalling the Chart + +To uninstall `my-release`: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +> **Tip**: List all releases using `helm list` or start clean with `helm delete --purge my-release` + +## Configuration + +The following table lists the configurable parameters of the cluster-autoscaler chart and their default values. + +Parameter | Description | Default +--- | --- | --- +`affinity` | node/pod affinities | None +`autoDiscovery.clusterName` | enable autodiscovery for name in ASG tag (only `cloudProvider=aws`). Must be set for `cloudProvider=gce`, but no MIG tagging required.| `""` **required unless autoscalingGroups[] provided** +`autoDiscovery.tags` | ASG tags to match, run through `tpl` | `[ "k8s.io/cluster-autoscaler/enabled", "k8s.io/cluster-autoscaler/{{ .Values.autoDiscovery.clusterName }}" ]` +`autoscalingGroups[].name` | autoscaling group name | None. Required unless `autoDiscovery.enabled=true` +`autoscalingGroups[].maxSize` | maximum autoscaling group size | None. Required unless `autoDiscovery.enabled=true` +`autoscalingGroups[].minSize` | minimum autoscaling group size | None. 
Required unless `autoDiscovery.enabled=true` +`awsRegion` | AWS region (required if `cloudProvider=aws`) | `us-east-1` +`awsAccessKeyID` | AWS access key ID ([if AWS user keys used](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#using-aws-credentials)) | `""` +`awsSecretAccessKey` | AWS access secret key ([if AWS user keys used](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#using-aws-credentials)) | `""` +`autoscalingGroupsnamePrefix[].name` | GCE MIG name prefix (the full name is invalid) | None. Required for `cloudProvider=gce` +`autoscalingGroupsnamePrefix[].maxSize` | maximum MIG size | None. Required for `cloudProvider=gce` +`autoscalingGroupsnamePrefix[].minSize` | minimum MIG size | None. Required for `cloudProvider=gce` +`cloudProvider` | `aws` or `spotinst` are currently supported for AWS. `gce` for GCE. `azure` for Azure AKS | `aws` +`image.repository` | Image | `k8s.gcr.io/cluster-autoscaler` +`image.tag` | Image tag | `v1.13.1` +`image.pullPolicy` | Image pull policy | `IfNotPresent` +`image.pullSecrets` | Image pull secrets | `[]` +`extraArgs` | additional container arguments | `{}` +`podDisruptionBudget` | Pod disruption budget | `maxUnavailable: 1` +`extraEnv` | additional container environment variables | `{}` +`envFromConfigMap` | additional container environment variables from a configmap | `{}` +`envFromSecret` | secret name containing keys that will be exposed as envs | `nil` +`extraEnvSecrets` | additional container environment variables from a secret | `{}` +`fullnameOverride` | String to fully override cluster-autoscaler.fullname template | `""` +`nameOverride` | String to partially override cluster-autoscaler.fullname template (will maintain the release name) | `""` +`nodeSelector` | node labels for pod assignment | `{}` +`podAnnotations` | annotations to add to each pod | `{}` +`rbac.create` | If true, create & use RBAC resources | 
`false` +`rbac.serviceAccount.create` | If true and rbac.create is also true, a service account will be created | `true` +`rbac.serviceAccount.name` | existing ServiceAccount to use (ignored if rbac.create=true and rbac.serviceAccount.create=true) | `default` +`rbac.serviceAccountAnnotations` | Additional Service Account annotations | `{}` +`rbac.pspEnabled` | Must be used with `rbac.create` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` +`replicaCount` | desired number of pods | `1` +`priorityClassName` | priorityClassName | `nil` +`dnsPolicy` | dnsPolicy | `nil` +`securityContext` | [Security context for pod](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `nil` +`containerSecurityContext` | [Security context for container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `nil` +`resources` | pod resource requests & limits | `{}` +`updateStrategy` | [Deployment update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | `nil` +`service.annotations` | annotations to add to service | none +`service.externalIPs` | service external IP addresses | `[]` +`service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`service.servicePort` | service port to expose | `8085` +`service.portName` | name for service port | `http` +`service.type` | type of service to create | `ClusterIP` +`spotinst.account` | Spotinst Account ID (required if `cloudprovider=spotinst`) | `""` +`spotinst.token` | Spotinst API token (required if `cloudprovider=spotinst`) | `""` +`spotinst.image.repository` | Image (used if `cloudProvider=spotinst`) | `spotinst/kubernetes-cluster-autoscaler` +`spotinst.image.tag` | Image tag (used if 
`cloudProvider=spotinst`) | `v0.6.0` +`spotinst.image.pullPolicy` | Image pull policy (used if `cloudProvider=spotinst`) | `IfNotPresent` +`tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` +`serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor | `false` +`serviceMonitor.interval` | Interval that Prometheus scrapes Cluster Autoscaler metrics | `10s` +`serviceMonitor.namespace` | Namespace which Prometheus is running in | `monitoring` +`serviceMonitor.path` | The path to scrape for metrics | `/metrics` +`serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{ prometheus: kube-prometheus }` +`azureClientID` | Service Principal ClientID with contributor permission to Cluster and Node ResourceGroup | none +`azureClientSecret` | Service Principal ClientSecret with contributor permission to Cluster and Node ResourceGroup | none +`azureSubscriptionID` | Azure subscription where the resources are located | none +`azureTenantID` | Azure tenant where the resources are located | none +`azureClusterName` | Azure AKS cluster name | none +`azureResourceGroup` | Azure resource group that the cluster is located | none +`azureVMType: "AKS"` | Azure VM type | `AKS` +`azureNodeResourceGroup` | azure resource group where the clusters Nodes are located, typically set as `MC___` | none +`azureUseManagedIdentityExtension` | Whether to use Azure's managed identity extension for credentials | false +`kubeTargetVersionOverride` | Override the .Capabilities.KubeVersion.GitVersion | `""` + +Specify each parameter you'd like to override using a YAML file as described above in the [installation](#installing-the-chart) section or by using the `--set key=value[,key=value]` argument to `helm install`. 
For example, to change the region and [expander](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders): + +```console +$ helm install stable/cluster-autoscaler --name my-release \ + --set extraArgs.expander=most-pods \ + --set awsRegion=us-west-1 +``` + +## IAM + +The worker running the cluster autoscaler will need access to certain resources and actions: + +``` +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeTags", + "autoscaling:SetDesiredCapacity", + "autoscaling:TerminateInstanceInAutoScalingGroup" + ], + "Resource": "*" + } + ] +} +``` + + - `DescribeTags` is required for autodiscovery. + - `DescribeLaunchconfigurations` is required to scale up an ASG from 0 + +Unfortunately AWS does not support ARNs for autoscaling groups yet so you must use "*" as the resource. More information [here](http://docs.aws.amazon.com/autoscaling/latest/userguide/IAM.html#UsingWithAutoScaling_Actions). + +# IAM Roles for Service Accounts (IRSA) + +For Kubernetes clusters that use Amazon EKS, the service account can be configured with an IAM role using [IAM Roles for Service Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) to avoid needing to grant access to the worker nodes for AWS resources. + +In order to accomplish this, you will first need to create a new IAM role with the above mentions policies. Take care in [configuring the trust relationship](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html#iam-role-configuration) to restrict access just to the service account used by cluster autoscaler. 
+ +Once you have the IAM role configured, you would then need to `--set rbac.serviceAccountAnnotations."eks\.amazonaws\.com/role-arn"=arn:aws:iam::123456789012:role/MyRoleName` when installing. + + +## Auto-discovery + +For auto-discovery of instances to work, they must be tagged with the keys in `.Values.autoDiscovery.tags`, which by default are +`k8s.io/cluster-autoscaler/enabled` and `k8s.io/cluster-autoscaler/` + +The value of the tag does not matter, only the key. + +An example kops spec excerpt: + +``` +apiVersion: kops/v1alpha2 +kind: Cluster +metadata: + name: my.cluster.internal +spec: + additionalPolicies: + node: | + [ + {"Effect":"Allow","Action":["autoscaling:DescribeAutoScalingGroups","autoscaling:DescribeAutoScalingInstances","autoscaling:DescribeLaunchConfigurations","autoscaling:DescribeTags","autoscaling:SetDesiredCapacity","autoscaling:TerminateInstanceInAutoScalingGroup"],"Resource":"*"} + ] + ... +--- +apiVersion: kops/v1alpha2 +kind: InstanceGroup +metadata: + labels: + kops.k8s.io/cluster: my.cluster.internal + name: my-instances +spec: + cloudLabels: + k8s.io/cluster-autoscaler/enabled: "" + k8s.io/cluster-autoscaler/my.cluster.internal: "" + image: kope.io/k8s-1.8-debian-jessie-amd64-hvm-ebs-2018-01-14 + machineType: r4.large + maxSize: 4 + minSize: 0 +``` + +In this example you would need to `--set autoDiscovery.clusterName=my.cluster.internal` when installing. + +It is not recommended to try to mix this with setting `autoscalingGroups` + +See [autoscaler AWS documentation](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#auto-discovery-setup) for a more discussion of the setup + +### Troubleshooting + +The chart will succeed even if the container arguments are incorrect. 
A few minutes after starting +`kubectl logs -l "app=aws-cluster-autoscaler" --tail=50` should loop through something like + +``` +polling_autoscaler.go:111] Poll finished +static_autoscaler.go:97] Starting main loop +utils.go:435] No pod using affinity / antiaffinity found in cluster, disabling affinity predicate for this loop +static_autoscaler.go:230] Filtering out schedulables +``` + +If not, find a pod that the deployment created and `describe` it, paying close attention to the arguments under `Command`. e.g.: + +``` +Containers: + cluster-autoscaler: + Command: + ./cluster-autoscaler + --cloud-provider=aws +# if specifying ASGs manually + --nodes=1:10:your-scaling-group-name +# if using autodiscovery + --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/ + --v=4 +``` + +#### PodSecurityPolicy + +Though enough for the majority of installations, the default PodSecurityPolicy _could_ be too restrictive depending on the specifics of your release. Please make sure to check that the template fits with any customizations made or disable it by setting `rbac.pspEnabled` to `false`. diff --git a/stable/cluster-autoscaler/templates/NOTES.txt b/stable/cluster-autoscaler/templates/NOTES.txt new file mode 100644 index 000000000..01c62e7ea --- /dev/null +++ b/stable/cluster-autoscaler/templates/NOTES.txt 
@@ -0,0 +1,18 @@
+{{- if or .Values.autoDiscovery.clusterName .Values.autoscalingGroups -}}
+
+To verify that cluster-autoscaler has started, run:
+
+ kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "cluster-autoscaler.name" . }},release={{ .Release.Name }}"
+
+{{- else -}}
+
+##############################################################################
+#### ERROR: You must specify values for either ####
+#### autoDiscovery.clusterName or autoscalingGroups[] ####
+##############################################################################
+
+The deployment and pod will not be created and the installation is not functional
+See README:
+ open https://github.com/kubernetes/charts/tree/master/stable/cluster-autoscaler
+
+{{- end -}}
diff --git a/stable/cluster-autoscaler/templates/_helpers.tpl b/stable/cluster-autoscaler/templates/_helpers.tpl
new file mode 100644
index 000000000..1ab8dfdc5
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/_helpers.tpl
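Review bot: The verification command in templates/NOTES.txt selects pods with `-l "app=...,release=..."`, but the pod template in templates/deployment.yaml only sets `app.kubernetes.io/instance` and `app.kubernetes.io/name` (through `cluster-autoscaler.instance-name`), so unless `podLabels` happens to add `app` and `release` the command lists nothing even on a healthy install. The selector should use the labels the chart actually applies: `-l "app.kubernetes.io/name={{ template "cluster-autoscaler.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"`. The README troubleshooting command `kubectl logs -l "app=aws-cluster-autoscaler"` has the same mismatch.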
@@ -0,0 +1,84 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-autoscaler.name" -}}
+{{- default (printf "%s-%s" .Values.cloudProvider .Chart.Name) .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "cluster-autoscaler.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default (printf "%s-%s" .Values.cloudProvider .Chart.Name) .Values.nameOverride -}}
+{{- if ne $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-autoscaler.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return instance and name labels.
+*/}}
+{{- define "cluster-autoscaler.instance-name" -}}
+app.kubernetes.io/instance: {{ .Release.Name | quote }}
+app.kubernetes.io/name: {{ include "cluster-autoscaler.name" . | quote }}
+{{- end -}}
+
+
+{{/*
+Return labels, including instance and name.
+*/}}
+{{- define "cluster-autoscaler.labels" -}}
+{{ include "cluster-autoscaler.instance-name" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+helm.sh/chart: {{ include "cluster-autoscaler.chart" . | quote }}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "deployment.apiVersion" -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if semverCompare "<1.9-0" $kubeTargetVersion -}}
+{{- print "apps/v1beta2" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for podsecuritypolicy.
+*/}}
+{{- define "podsecuritypolicy.apiVersion" -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if semverCompare "<1.10-0" $kubeTargetVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "policy/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the service account name used by the pod.
+*/}}
+{{- define "serviceaccount.name" -}}
+{{- if and .Values.rbac.create .Values.rbac.serviceAccount.create -}}
+{{ include "cluster-autoscaler.fullname" . }}
+{{- else -}}
+{{ .Values.rbac.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/stable/cluster-autoscaler/templates/clusterrole.yaml b/stable/cluster-autoscaler/templates/clusterrole.yaml
new file mode 100644
index 000000000..dc1f4ffd4
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/clusterrole.yaml
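Review bot: The `else` branch of `serviceaccount.name` in templates/_helpers.tpl returns `.Values.rbac.serviceAccount.name` whenever `rbac.serviceAccount.create` is false, and the README lists that value's default as `default`. With `rbac.create=true` the ClusterRoleBinding and RoleBinding in this patch would then attach the autoscaler's permissions to the namespace's default service account, so every pod in the release namespace running under that account inherits them. values.yaml is outside this part of the patch, so the default is taken from the README table. I would extend the helper's comment to say this, for example `With rbac.create=true and rbac.serviceAccount.create=false the RBAC bindings target this existing account; set rbac.serviceAccount.name to a dedicated account rather than "default".`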
@@ -0,0 +1,146 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+{{ include "cluster-autoscaler.labels" . | indent 4 }}
+ name: {{ template "cluster-autoscaler.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ - endpoints
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/eviction
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - pods/status
+ verbs:
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ resourceNames:
+ - cluster-autoscaler
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - watch
+ - list
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - replicationcontrollers
+ - persistentvolumeclaims
+ - persistentvolumes
+ verbs:
+ - watch
+ - list
+ - get
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - watch
+ - list
+ - get
+ - apiGroups:
+ - batch
+ - extensions
+ resources:
+ - jobs
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - replicasets
+ - daemonsets
+ verbs:
+ - watch
+ - list
+ - get
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - watch
+ - list
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - watch
+ - list
+ - get
+ - apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ - csinodes
+ verbs:
+ - watch
+ - list
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - apiGroups:
+ - coordination.k8s.io
+ resourceNames:
+ - cluster-autoscaler
+ resources:
+ - leases
+ verbs:
+ - get
+ - update
+{{- if .Values.rbac.pspEnabled }}
+ - apiGroups:
+ - extensions
+ resources:
+ - podsecuritypolicies
+ resourceNames:
+ - {{ template "cluster-autoscaler.fullname" . }}
+ verbs:
+ - use
+{{- end -}}
+
+{{- end -}}
diff --git a/stable/cluster-autoscaler/templates/clusterrolebinding.yaml b/stable/cluster-autoscaler/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..414c12779
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+{{ include "cluster-autoscaler.labels" . | indent 4 }}
+ name: {{ template "cluster-autoscaler.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cluster-autoscaler.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "serviceaccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/stable/cluster-autoscaler/templates/deployment.yaml b/stable/cluster-autoscaler/templates/deployment.yaml
new file mode 100644
index 000000000..5c1ba4ba3
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/deployment.yaml
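Review bot: The first rule in templates/clusterrole.yaml grants `create` and `patch` on `endpoints` in every namespace, which is wider than the leader-election use that the later `resourceNames: cluster-autoscaler` rule points to; a service account that can patch arbitrary Endpoints can change the backends of any Service in the cluster. Because the container is started with `--namespace={{ .Release.Namespace }}`, the `endpoints` entry looks like it could move into the namespaced Role in templates/role.yaml, leaving only `events` in this rule; that is inferred from the flag, so it should be confirmed against the autoscaler's leader-election behaviour. Separately, this file, clusterrolebinding.yaml, role.yaml and rolebinding.yaml all use `apiVersion: rbac.authorization.k8s.io/v1beta1`; `rbac.authorization.k8s.io/v1` is served from Kubernetes 1.8, the README's stated minimum, and avoids the deprecated group version.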
@@ -0,0 +1,213 @@
+{{- if or .Values.autoDiscovery.clusterName .Values.autoscalingGroups }}
+{{/* one of the above is required */}}
+apiVersion: {{ template "deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ labels:
+{{ include "cluster-autoscaler.labels" . | indent 4 }}
+ name: {{ template "cluster-autoscaler.fullname" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+{{ include "cluster-autoscaler.instance-name" . | indent 6 }}
+ {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 6 }}
+ {{- end }}
+{{- if .Values.updateStrategy }}
+ strategy:
+ {{ toYaml .Values.updateStrategy | nindent 4 | trim }}
+{{- end }}
+ template:
+ metadata:
+ {{- if .Values.podAnnotations }}
+ annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+ {{- end }}
+ labels:
+{{ include "cluster-autoscaler.instance-name" . | indent 8 }}
+ {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{ .Values.priorityClassName }}"
+ {{- end }}
+ {{- if .Values.dnsPolicy }}
+ dnsPolicy: "{{ .Values.dnsPolicy }}"
+ {{- end }}
+ containers:
+ - name: {{ template "cluster-autoscaler.name" . }}
+ {{- if eq .Values.cloudProvider "spotinst" }}
+ image: "{{ .Values.spotinst.image.repository }}:{{ .Values.spotinst.image.tag }}"
+ imagePullPolicy: "{{ .Values.spotinst.image.pullPolicy }}"
+ {{- else }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+ {{- end }}
+ command:
+ - ./cluster-autoscaler
+ - --cloud-provider={{ .Values.cloudProvider }}
+ - --namespace={{ .Release.Namespace }}
+ {{- if .Values.autoscalingGroups }}
+ {{- range .Values.autoscalingGroups }}
+ - --nodes={{ .minSize }}:{{ .maxSize }}:{{ .name }}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.cloudProvider "aws" }}
+ {{- if .Values.autoDiscovery.clusterName }}
+ - --node-group-auto-discovery=asg:tag={{ tpl (join "," .Values.autoDiscovery.tags) . }}
+ {{- end }}
+ {{- else if eq .Values.cloudProvider "gce" }}
+ {{- if .Values.autoscalingGroupsnamePrefix }}
+ {{- range .Values.autoscalingGroupsnamePrefix }}
+ - --node-group-auto-discovery=mig:namePrefix={{ .name }},min={{ .minSize }},max={{ .maxSize }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.cloudProvider "gce" }}
+ - --cloud-config={{ .Values.cloudConfigPath }}
+ {{- end }}
+ {{- range $key, $value := .Values.extraArgs }}
+ - --{{ $key }}={{ $value }}
+ {{- end }}
+
+ env:
+ {{- if and (eq .Values.cloudProvider "aws") (ne .Values.awsRegion "") }}
+ - name: AWS_REGION
+ value: "{{ .Values.awsRegion }}"
+ {{- if .Values.awsAccessKeyID }}
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: AwsAccessKeyId
+ name: {{ template "cluster-autoscaler.fullname" . }}
+ {{- end }}
+ {{- if .Values.awsSecretAccessKey }}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: AwsSecretAccessKey
+ name: {{ template "cluster-autoscaler.fullname" . }}
+ {{- end }}
+ {{- else if eq .Values.cloudProvider "spotinst" }}
+ - name: SPOTINST_TOKEN
+ value: "{{ .Values.spotinst.token }}"
+ - name: SPOTINST_ACCOUNT
+ value: "{{ .Values.spotinst.account }}"
+ {{- else if eq .Values.cloudProvider "azure" }}
+ - name: ARM_SUBSCRIPTION_ID
+ valueFrom:
+ secretKeyRef:
+ key: SubscriptionID
+ name: {{ template "cluster-autoscaler.fullname" . }}
+ - name: ARM_RESOURCE_GROUP
+ valueFrom:
+ secretKeyRef:
+ key: ResourceGroup
+ name: {{ template "cluster-autoscaler.fullname" . }}
+ - name: ARM_VM_TYPE
+ valueFrom:
+ secretKeyRef:
+ key: VMType
+ name: {{ template "cluster-autoscaler.fullname" . }}
+ {{- if .Values.azureUseManagedIdentityExtension }}
+ - name: ARM_USE_MANAGED_IDENTITY_EXTENSION
+ value: "true"
+ {{- else }}
+ - name: ARM_TENANT_ID
+ valueFrom:
+ secretKeyRef:
+ key: TenantID
+ name: {{ template "cluster-autoscaler.fullname" . }}
+ - name: ARM_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: ClientID
+ name: {{ template "cluster-autoscaler.fullname" . }}
+ - name: ARM_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: ClientSecret
+ name: {{ template "cluster-autoscaler.fullname" . }}
+ - name: AZURE_CLUSTER_NAME
+ valueFrom:
+ secretKeyRef:
+ key: ClusterName
+ name: {{ template "cluster-autoscaler.fullname" . }}
+ - name: AZURE_NODE_RESOURCE_GROUP
+ valueFrom:
+ secretKeyRef:
+ key: NodeResourceGroup
+ name: {{ template "cluster-autoscaler.fullname" . }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key }}
+ value: "{{ $value }}"
+ {{- end }}
+ {{- range $key, $value := .Values.envFromConfigMap }}
+ - name: {{ $key }}
+ valueFrom:
+ configMapKeyRef:
+ name: {{ default (include "cluster-autoscaler.fullname" $) $value.name }}
+ key: {{ required "Must specify key!" $value.key }}
+ {{- end }}
+ {{- range $key, $value := .Values.extraEnvSecrets }}
+ - name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ default (include "cluster-autoscaler.fullname" $) $value.name }}
+ key: {{ required "Must specify key!" $value.key }}
+ {{- end }}
+ {{- if .Values.envFromSecret }}
+ envFrom:
+ - secretRef:
+ name: {{ .Values.envFromSecret }}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health-check
+ port: 8085
+ ports:
+ - containerPort: 8085
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- if .Values.containerSecurityContext }}
+ securityContext:
+ {{ toYaml .Values.containerSecurityContext | nindent 12 | trim }}
+ {{- end }}
+ {{- if eq .Values.cloudProvider "gce" }}
+ volumeMounts:
+ - name: cloudconfig
+ mountPath: {{ .Values.cloudConfigPath }}
+ readOnly: true
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "serviceaccount.name" . }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+ {{- if .Values.securityContext }}
+ securityContext:
+ {{ toYaml .Values.securityContext | nindent 8 | trim }}
+ {{- end }}
+ {{- if eq .Values.cloudProvider "gce" }}
+ volumes:
+ - name: cloudconfig
+ hostPath:
+ path: {{ .Values.cloudConfigPath }}
+ {{- end }}
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/stable/cluster-autoscaler/templates/pdb.yaml b/stable/cluster-autoscaler/templates/pdb.yaml
new file mode 100644
index 000000000..a6ad12950
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/pdb.yaml
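Review bot: In the `spotinst` branch of the `env:` block in templates/deployment.yaml, `SPOTINST_TOKEN` is rendered inline as `value: "{{ .Values.spotinst.token }}"`, so the API token is stored in the Deployment and pod specs and is readable by anyone allowed to get Deployments or pods in the namespace, not only Secrets. The AWS and Azure branches already read their credentials through `secretKeyRef` against the chart's Secret, and the token should follow the same pattern: `valueFrom.secretKeyRef` with `name: {{ template "cluster-autoscaler.fullname" . }}` and `key: <spotinst-token-key>`, plus a matching entry in templates/secret.yaml. The contents of secret.yaml are outside this part of the patch, so `<spotinst-token-key>` is a placeholder. The `extraEnv` loop renders values inline in the same way, so it deserves a comment pointing users to `extraEnvSecrets` or `envFromSecret` for sensitive values.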
@@ -0,0 +1,13 @@
+{{- if .Values.podDisruptionBudget -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+{{ include "cluster-autoscaler.labels" . | indent 4 }}
+ name: {{ template "cluster-autoscaler.fullname" . }}
+spec:
+ selector:
+ matchLabels:
+{{ include "cluster-autoscaler.instance-name" . | indent 6 }}
+{{ .Values.podDisruptionBudget | indent 2 }}
+{{- end -}}
diff --git a/stable/cluster-autoscaler/templates/podsecuritypolicy.yaml b/stable/cluster-autoscaler/templates/podsecuritypolicy.yaml
new file mode 100644
index 000000000..28369bf92
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/podsecuritypolicy.yaml
@@ -0,0 +1,46 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: {{ template "podsecuritypolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "cluster-autoscaler.fullname" . }}
+ labels:
+{{ include "cluster-autoscaler.labels" . | indent 4 }}
+spec:
+ # Prevents running in privileged mode
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ requiredDropCapabilities:
+ - ALL
+ volumes:
+ - 'configMap'
+ - 'secret'
+ - 'hostPath'
+ - 'emptyDir'
+ - 'projected'
+ - 'downwardAPI'
+{{- if eq .Values.cloudProvider "gce" }}
+ allowedHostPaths:
+ - pathPrefix: {{ .Values.cloudConfigPath }}
+{{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/stable/cluster-autoscaler/templates/role.yaml b/stable/cluster-autoscaler/templates/role.yaml
new file mode 100644
index 000000000..63cc4415b
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/role.yaml
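Review bot: In podsecuritypolicy.yaml, `'hostPath'` is listed under `volumes` for every provider, but `allowedHostPaths` is emitted only inside the `gce` branch; a PodSecurityPolicy with no `allowedHostPaths` places no restriction on which host paths may be mounted. Moving `- 'hostPath'` into the same `{{- if eq .Values.cloudProvider "gce" }}` block and adding `readOnly: true` under the `pathPrefix` entry would limit the policy to the single read-only mount that deployment.yaml declares. Separately, `runAsUser` is `RunAsAny`, so the comment `# Required to prevent escalations to root.` applies to privilege escalation only; the policy still admits a container that starts as UID 0.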
@@ -0,0 +1,25 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ labels:
+{{ include "cluster-autoscaler.labels" . | indent 4 }}
+ name: {{ template "cluster-autoscaler.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ - cluster-autoscaler-status
+ verbs:
+ - delete
+ - get
+ - update
+{{- end -}}
diff --git a/stable/cluster-autoscaler/templates/rolebinding.yaml b/stable/cluster-autoscaler/templates/rolebinding.yaml
new file mode 100644
index 000000000..e978d3cec
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/rolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ labels:
+{{ include "cluster-autoscaler.labels" . | indent 4 }}
+ name: {{ template "cluster-autoscaler.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "cluster-autoscaler.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "serviceaccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/stable/cluster-autoscaler/templates/secret.yaml b/stable/cluster-autoscaler/templates/secret.yaml
new file mode 100644
index 000000000..3f0ef09e2
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/secret.yaml
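Review bot: role.yaml and rolebinding.yaml both declare `apiVersion: rbac.authorization.k8s.io/v1beta1`; the stable `rbac.authorization.k8s.io/v1` API has been served since Kubernetes 1.8 and the beta version is deprecated, so a new chart should use `apiVersion: rbac.authorization.k8s.io/v1` in both files. The rules in role.yaml are otherwise narrowly scoped, with `delete`/`get`/`update` pinned to `cluster-autoscaler-status`. The separate `create` rule without `resourceNames` looks deliberate, since a create request cannot be restricted by resource name; a short comment such as `# create cannot be limited by resourceNames` above that rule would keep a later edit from merging the two.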
@@ -0,0 +1,20 @@
+{{- if or (eq .Values.cloudProvider "azure") (and (eq .Values.cloudProvider "aws") (not (has "" (list .Values.awsAccessKeyID .Values.awsSecretAccessKey)))) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "cluster-autoscaler.fullname" . }}
+data:
+{{- if eq .Values.cloudProvider "azure" }}
+ ClientID: "{{ .Values.azureClientID | b64enc }}"
+ ClientSecret: "{{ .Values.azureClientSecret | b64enc }}"
+ ResourceGroup: "{{ .Values.azureResourceGroup | b64enc }}"
+ SubscriptionID: "{{ .Values.azureSubscriptionID | b64enc }}"
+ TenantID: "{{ .Values.azureTenantID | b64enc }}"
+ VMType: "{{ .Values.azureVMType | b64enc }}"
+ ClusterName: "{{ .Values.azureClusterName | b64enc }}"
+ NodeResourceGroup: "{{ .Values.azureNodeResourceGroup | b64enc }}"
+{{- else if eq .Values.cloudProvider "aws" }}
+ AwsAccessKeyId: "{{ .Values.awsAccessKeyID | b64enc }}"
+ AwsSecretAccessKey: "{{ .Values.awsSecretAccessKey | b64enc }}"
+{{- end }}
+{{- end }}
diff --git a/stable/cluster-autoscaler/templates/service.yaml b/stable/cluster-autoscaler/templates/service.yaml
new file mode 100644
index 000000000..3c6899940
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/service.yaml
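Review bot: secret.yaml has branches for `azure` and `aws` only, so the Spotinst credential never reaches the Secret: deployment.yaml in this commit sets `SPOTINST_TOKEN` with `value: "{{ .Values.spotinst.token }}"`, which leaves the token readable in the Deployment spec by anyone allowed to read Deployments. Adding `spotinst` to the outer `or` condition and a branch `{{- else if eq .Values.cloudProvider "spotinst" }}` holding `SpotinstToken: "{{ .Values.spotinst.token | b64enc }}"` (the key name is a suggestion) would let that env var use `secretKeyRef` like the Azure ones. The Secret also has no `labels:` block, unlike the Role, Service and ServiceAccount templates, which include `cluster-autoscaler.labels`.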
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.service.annotations }}
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+ labels:
+{{ include "cluster-autoscaler.labels" . | indent 4 }}
+ name: {{ template "cluster-autoscaler.fullname" . }}
+spec:
+{{- if .Values.service.clusterIP }}
+ clusterIP: "{{ .Values.service.clusterIP }}"
+{{- end }}
+{{- if .Values.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ ports:
+ - port: {{ .Values.service.servicePort }}
+ protocol: TCP
+ targetPort: 8085
+ name: {{ .Values.service.portName }}
+ selector:
+{{ include "cluster-autoscaler.instance-name" . | indent 4 }}
+ type: "{{ .Values.service.type }}"
diff --git a/stable/cluster-autoscaler/templates/serviceaccount.yaml b/stable/cluster-autoscaler/templates/serviceaccount.yaml
new file mode 100644
index 000000000..cb412c94e
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.rbac.create .Values.rbac.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+{{ include "cluster-autoscaler.labels" . | indent 4 }}
+ name: {{ template "cluster-autoscaler.fullname" . }}
+{{- end -}}
+{{- if .Values.rbac.serviceAccountAnnotations }}
+ annotations: {{ toYaml .Values.rbac.serviceAccountAnnotations | nindent 4 }}
+{{- end }}
diff --git a/stable/cluster-autoscaler/templates/servicemonitor.yaml b/stable/cluster-autoscaler/templates/servicemonitor.yaml
new file mode 100644
index 000000000..6b8e0c42f
--- /dev/null
+++ b/stable/cluster-autoscaler/templates/servicemonitor.yaml
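Review bot: In serviceaccount.yaml the `annotations:` block sits after the `{{- end -}}` that closes the `if and .Values.rbac.create .Values.rbac.serviceAccount.create` guard, so when `rbac.serviceAccountAnnotations` is set and the ServiceAccount is not created, the template renders a bare `annotations:` mapping with no `apiVersion` or `kind`. Moving the `{{- if .Values.rbac.serviceAccountAnnotations }}` … `{{- end }}` block above the guard's `{{- end -}}`, directly after the `name:` line, keeps it inside `metadata` of the object it annotates. Indentation is not recoverable from this page, so the rendered placement when both conditions hold should be confirmed with `helm template`.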
@@ -0,0 +1,24 @@
+{{ if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "cluster-autoscaler.fullname" . }}
+ {{- if .Values.serviceMonitor.namespace }}
+ namespace: {{ .Values.serviceMonitor.namespace }}
+ {{- end }}
+ labels:
+ {{- range $key, $value := .Values.serviceMonitor.selector }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+{{ include "cluster-autoscaler.instance-name" . | indent 6 }}
+ endpoints:
+ - port: {{ .Values.service.portName }}
+ interval: {{ .Values.serviceMonitor.interval }}
+ path: {{ .Values.serviceMonitor.path }}
+ namespaceSelector:
+ matchNames:
+ - {{.Release.Namespace}}
+{{ end }}
diff --git a/stable/cluster-autoscaler/values.yaml b/stable/cluster-autoscaler/values.yaml
new file mode 100644
index 000000000..f305631c8
--- /dev/null
+++ b/stable/cluster-autoscaler/values.yaml
@@ -0,0 +1,203 @@
+autoDiscovery:
+# Only cloudProvider `aws` and `gce` are supported by auto-discovery at this time
+# AWS: Set tags as described in https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#auto-discovery-setup
+ clusterName: # cluster.local
+ tags:
+ - k8s.io/cluster-autoscaler/enabled
+ - k8s.io/cluster-autoscaler/{{ .Values.autoDiscovery.clusterName }}
+ # - kubernetes.io/cluster/{{ .Values.autoDiscovery.clusterName }}
+
+autoscalingGroups: []
+# At least one element is required if not using autoDiscovery
+ # - name: asg1
+ # maxSize: 2
+ # minSize: 1
+ # - name: asg2
+ # maxSize: 2
+ # minSize: 1
+
+autoscalingGroupsnamePrefix: []
+# At least one element is required if not using autoDiscovery
+ # - name: ig01
+ # maxSize: 10
+ # minSize: 0
+ # - name: ig02
+ # maxSize: 10
+ # minSize: 0
+
+# Required if cloudProvider=aws
+awsRegion: us-east-1
+awsAccessKeyID: ""
+awsSecretAccessKey: ""
+
+# Required if cloudProvider=azure
+# clientID/ClientSecret with contributor permission to Cluster and Node ResourceGroup
+azureClientID: ""
+azureClientSecret: ""
+# Cluster resource Group
+azureResourceGroup: ""
+azureSubscriptionID: ""
+azureTenantID: ""
+# if using AKS azureVMType should be set to "AKS"
+azureVMType: "AKS"
+azureClusterName: ""
+azureNodeResourceGroup: ""
+# if using MSI, ensure subscription ID and resource group are set
+azureUseManagedIdentityExtension: false
+
+# Currently only `gce`, `aws`, `azure` & `spotinst` are supported
+cloudProvider: aws
+
+# Configuration file for cloud provider
+cloudConfigPath: /etc/gce.conf
+
+image:
+ repository: k8s.gcr.io/cluster-autoscaler
+ tag: v1.17.1
+ pullPolicy: IfNotPresent
+
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistrKeySecretName
+
+tolerations: []
+
+## Extra ENV passed to the container
+extraEnv: {}
+
+extraArgs:
+ v: 4
+ stderrthreshold: info
+ logtostderr: true
+ # write-status-configmap: true
+ # leader-elect: true
+ # skip-nodes-with-local-storage: false
+ # expander: least-waste
+ # scale-down-enabled: true
+ # balance-similar-node-groups: true
+ # min-replica-count: 2
+ # scale-down-utilization-threshold: 0.5
+ # scale-down-non-empty-candidates-count: 5
+ # max-node-provision-time: 15m0s
+ # scan-interval: 10s
+ # scale-down-delay: 10m
+ # scale-down-unneeded-time: 10m
+ # skip-nodes-with-local-storage: false
+ # skip-nodes-with-system-pods: true
+
+## Affinity for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+## affinity: {}
+
+podDisruptionBudget: |
+ maxUnavailable: 1
+ # minAvailable: 2
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+podAnnotations: {}
+podLabels: {}
+replicaCount: 1
+
+rbac:
+ ## If true, create & use RBAC resources
+ ##
+ create: false
+ ## If true, create & use Pod Security Policy resources
+ ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ pspEnabled: false
+ ## if rbac.create is false or (if rbac.create is true and rbac.serviceAccount.create is false)
+ ## the service account rbac.serviceAccount.name will be used instead
+ serviceAccount:
+ create: true
+ name: default
+ ## Annotations for the Service Account
+ ##
+ serviceAccountAnnotations: {}
+
+resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 300Mi
+ # requests:
+ # cpu: 100m
+ # memory: 300Mi
+
+priorityClassName: ""
+
+# Defaults to "ClusterFirst". Valid values are
+# 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'
+# autoscaler does not depend on cluster DNS, recommended to set this to "Default"
+# dnsPolicy: "Default"
+
+## Security context for pod
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+# securityContext:
+# runAsNonRoot: true
+# runAsUser: 1001
+# runAsGroup: 1001
+
+## Security context for container
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+# containerSecurityContext:
+# capabilities:
+# drop:
+# - all
+
+## Deployment update strategy
+## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+# updateStrategy:
+# rollingUpdate:
+# maxSurge: 1
+# maxUnavailable: 0
+# type: RollingUpdate
+
+service:
+ annotations: {}
+
+ ## List of IP addresses at which the service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 8085
+ portName: http
+ type: ClusterIP
+
+spotinst:
+ account: ""
+ token: ""
+ image:
+ repository: spotinst/kubernetes-cluster-autoscaler
+ tag: 0.6.0
+ pullPolicy: IfNotPresent
+
+## Are you using Prometheus Operator?
+serviceMonitor:
+ enabled: false
+ interval: "10s"
+ # Namespace Prometheus is installed in
+ namespace: monitoring
+ ## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/helm/charts/tree/master/stable/prometheus-operator#tldr)
+ ## [Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#prometheus-operator-1)
+ ## [Kube Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#exporters)
+ selector:
+ prometheus: kube-prometheus
+ # The metrics path to scrape - autoscaler exposes /metrics (standard)
+ path: /metrics
+
+## String to partially override cluster-autoscaler.fullname template (will maintain the release name)
+nameOverride: ""
+
+## String to fully override cluster-autoscaler.fullname template
+fullnameOverride: ""
+
+# Allow overridding the .Capabilities.KubeVersion.GitVersion (useful for "helm template" command)
+kubeTargetVersionOverride: ""
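Review bot: With the defaults in values.yaml (`rbac.create: false` and `rbac.serviceAccount.name: default`) the pod runs under the namespace's `default` ServiceAccount and none of this chart's Role or ClusterRole objects are installed, as the comment above `serviceAccount:` describes. Whatever permissions an operator then grants to make the autoscaler work would land on an account that other pods in the namespace may share; defaulting to `create: true` under `rbac:` would instead bind the chart's own rules to a dedicated account. The `securityContext` and `containerSecurityContext` examples are also shipped commented out, so a default install applies neither `runAsNonRoot` nor the capability drop. A comment stating that above each block, or enabling them once the UID has been verified against the image, would make the default posture explicit.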