From c894ae49809b58265e68f0bc4d3a7646d08972de Mon Sep 17 00:00:00 2001 From: Friedrich Gonzalez Date: Tue, 1 Aug 2023 15:49:17 +0200 Subject: [PATCH 1/4] Add experimental auth-gateway Signed-off-by: Friedrich Gonzalez --- CHANGELOG.md | 1 + .../auth-gateway/_helpers-auth-gateway.tpl | 23 ++++ .../auth-gateway/auth-gateway-config.yaml | 12 ++ templates/auth-gateway/auth-gateway-dep.yaml | 104 ++++++++++++++++++ templates/auth-gateway/auth-gateway-hpa.yaml | 42 +++++++ .../auth-gateway/auth-gateway-ingress.yaml | 40 +++++++ .../auth-gateway-poddisruptionbudget.yaml | 14 +++ templates/auth-gateway/auth-gateway-svc.yaml | 23 ++++ 8 files changed, 259 insertions(+) create mode 100644 templates/auth-gateway/_helpers-auth-gateway.tpl create mode 100644 templates/auth-gateway/auth-gateway-config.yaml create mode 100644 templates/auth-gateway/auth-gateway-dep.yaml create mode 100644 templates/auth-gateway/auth-gateway-hpa.yaml create mode 100755 templates/auth-gateway/auth-gateway-ingress.yaml create mode 100644 templates/auth-gateway/auth-gateway-poddisruptionbudget.yaml create mode 100644 templates/auth-gateway/auth-gateway-svc.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 0bf46924..9f22331f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## master / unreleased +* [ENHANCEMENT] Add experimental auth-gateway * [ENHANCEMENT] Add option to autoscale on multiple metrics and custom metrics metrics #467 * [DEPENDENCY] Update quay.io/cortexproject/cortex Docker tag to v1.15.0 #453 * [DEPENDENCY] Update quay.io/cortexproject/cortex Docker tag to v1.15.1 #456 diff --git a/templates/auth-gateway/_helpers-auth-gateway.tpl b/templates/auth-gateway/_helpers-auth-gateway.tpl new file mode 100644 index 00000000..94cb6fd6 --- /dev/null +++ b/templates/auth-gateway/_helpers-auth-gateway.tpl 
@@ -0,0 +1,23 @@
+
+{{/*
+auth-gateway fullname
+*/}}
+{{- define "cortex.authGatewayFullname" -}}
+{{ include "cortex.fullname" . }}-auth-gateway
+{{- end }}
+
+{{/*
+auth-gateway common labels
+*/}}
+{{- define "cortex.authGatewayLabels" -}}
+{{ include "cortex.labels" . }}
+app.kubernetes.io/component: auth-gateway
+{{- end }}
+
+{{/*
+auth-gateway selector labels
+*/}}
+{{- define "cortex.authGatewaySelectorLabels" -}}
+{{ include "cortex.selectorLabels" . }}
+app.kubernetes.io/component: auth-gateway
+{{- end }}
diff --git a/templates/auth-gateway/auth-gateway-config.yaml b/templates/auth-gateway/auth-gateway-config.yaml
new file mode 100644
index 00000000..3e195691
--- /dev/null
+++ b/templates/auth-gateway/auth-gateway-config.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.auth_gateway.enabled }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ include "cortex.authGatewayFullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "cortex.authGatewayLabels" . | nindent 4 }}
+data:
+ configuration.yaml: |-
+ {{- tpl (toYaml .configuration) $ | nindent 4 }}
+{{- end }}
diff --git a/templates/auth-gateway/auth-gateway-dep.yaml b/templates/auth-gateway/auth-gateway-dep.yaml
new file mode 100644
index 00000000..2609c566
--- /dev/null
+++ b/templates/auth-gateway/auth-gateway-dep.yaml
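Review bot: In auth-gateway-config.yaml the data line reads `.configuration` from the root context, where no such key is defined, so `toYaml` would most likely render `null` into `configuration.yaml`; it presumably should be `{{- tpl (toYaml .Values.auth_gateway.configuration) $ | nindent 4 }}`. Separately, the configuration of an authentication gateway tends to carry tenant credentials; if that holds here, a ConfigMap exposes them to every principal that can read ConfigMaps in the namespace, and a `kind: Secret` (or a reference to an existing Secret) is the safer container. The `checksum/config` annotation in auth-gateway-dep.yaml points at this template by path and would have to follow any rename.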
@@ -0,0 +1,104 @@ +{{- if .Values.auth_gateway.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "cortex.authGatewayFullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "cortex.authGatewayLabels" . | nindent 4 }} + annotations: + {{- toYaml .Values.auth_gateway.annotations | nindent 4 }} +spec: + {{- if not .Values.auth_gateway.autoscaling.enabled }} + replicas: {{ .Values.auth_gateway.replicas }} + {{- end }} + selector: + matchLabels: + {{- include "cortex.authGatewaySelectorLabels" . | nindent 6 }} + strategy: + {{- toYaml .Values.auth_gateway.strategy | nindent 4 }} + template: + metadata: + labels: + {{- include "cortex.authGatewayLabels" . | nindent 8 }} + {{- with .Values.auth_gateway.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/auth-gateway/auth-gateway-config.yaml") . | sha256sum }} + {{- with .Values.auth_gateway.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ .Values.auth_gateway.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }} + {{- if .Values.auth_gateway.priorityClassName }} + priorityClassName: {{ .Values.auth_gateway.priorityClassName }} + {{- end }} + {{- if .Values.auth_gateway.securityContext.enabled }} + securityContext: {{- omit .Values.auth_gateway.securityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- toYaml .Values.auth_gateway.initContainers | nindent 8 }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . 
}} + {{- end }} + {{- end }} + containers: + - name: auth-gateway + image: "{{ .Values.auth_gateway.image.repository }}:{{ .Values.auth_gateway.image.tag }}" + imagePullPolicy: {{ .Values.auth_gateway.image.pullPolicy }} + {{- if .Values.auth_gateway.extraArgs }} + args: + {{- range $key, $value := .Values.auth_gateway.extraArgs }} + - "-{{ $key }}={{ $value }}" + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.auth_gateway.extraVolumeMounts }} + {{- toYaml .Values.auth_gateway.extraVolumeMounts | nindent 12}} + {{- end }} + - name: config + mountPath: /etc/auth-gateway + ports: + - name: http-metrics + containerPort: {{ .Values.auth_gateway.http_listen_port }} + protocol: TCP + startupProbe: + {{- toYaml .Values.auth_gateway.startupProbe | nindent 12 }} + livenessProbe: + {{- toYaml .Values.auth_gateway.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.auth_gateway.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.auth_gateway.resources | nindent 12 }} + {{- if .Values.auth_gateway.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.auth_gateway.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.auth_gateway.env }} + env: + {{- toYaml .Values.auth_gateway.env | nindent 12 }} + {{- end }} + {{- if .Values.auth_gateway.extraContainers }} + {{- toYaml .Values.auth_gateway.extraContainers | nindent 8}} + {{- end }} + nodeSelector: + {{- toYaml .Values.auth_gateway.nodeSelector | nindent 8 }} + {{- if .Values.auth_gateway.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml .Values.auth_gateway.topologySpreadConstraints | nindent 8}} + {{- end }} + affinity: + {{- toYaml .Values.auth_gateway.affinity | nindent 8 }} + tolerations: + {{- toYaml .Values.auth_gateway.tolerations | nindent 8 }} + terminationGracePeriodSeconds: {{ .Values.auth_gateway.terminationGracePeriodSeconds }} + volumes: + - name: config + configMap: + name: {{ template 
"cortex.fullname" . }}-auth-gateway + {{- if .Values.auth_gateway.extraVolumes }} + {{- toYaml .Values.auth_gateway.extraVolumes | nindent 8}} + {{- end }} +{{- end }} diff --git a/templates/auth-gateway/auth-gateway-hpa.yaml b/templates/auth-gateway/auth-gateway-hpa.yaml new file mode 100644 index 00000000..d927d892 --- /dev/null +++ b/templates/auth-gateway/auth-gateway-hpa.yaml @@ -0,0 +1,42 @@ +{{- if and .Values.auth_gateway.enabled .Values.auth_gateway.autoscaling.enabled }} +{{- with .Values.auth_gateway.autoscaling -}} +apiVersion: {{ include "cortex.hpaVersion" $ }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "cortex.authGatewayFullname" $ }} + namespace: {{ $.Release.Namespace }} + labels: + {{- include "cortex.authGatewayLabels" $ | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "cortex.authGatewayFullname" $ }} + minReplicas: {{ .minReplicas }} + maxReplicas: {{ .maxReplicas }} + metrics: + {{- with .targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .extraMetrics }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/templates/auth-gateway/auth-gateway-ingress.yaml b/templates/auth-gateway/auth-gateway-ingress.yaml new file mode 100755 index 00000000..354a6063 --- /dev/null +++ b/templates/auth-gateway/auth-gateway-ingress.yaml 
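Review bot: The pod- and container-level `securityContext` blocks in auth-gateway-dep.yaml are emitted only when `securityContext.enabled` / `containerSecurityContext.enabled` are set, and the values.yaml changes in this series define neither, so an enabled gateway runs with whatever the image and the runtime default to. For the component that acts as the authentication boundary behind the Ingress, ship restrictive defaults in values.yaml (for example `runAsNonRoot: true`, `readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false`) instead of leaving hardening opt-in. `serviceAccountName` also falls back to the shared `cortex.serviceAccountName`, so the pod gets that account's token mounted; unless the gateway needs the Kubernetes API, add `automountServiceAccountToken: false` to the pod spec.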
@@ -0,0 +1,40 @@
+{{- if and .Values.ingress.enabled .Values.auth_gateway.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "cortex.authGatewayFullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "cortex.authGatewayLabels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.ingress.annotations | nindent 4 }}
+spec:
+{{- if .Values.ingress.ingressClass.enabled }}
+ ingressClassName: {{ .Values.ingress.ingressClass.name }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ pathType: "Prefix"
+ backend:
+ service:
+ name: {{ include "cortex.authGatewayFullname" $ }}
+ port:
+ number: {{ $.Values.auth_gateway.http_listen_port }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/templates/auth-gateway/auth-gateway-poddisruptionbudget.yaml b/templates/auth-gateway/auth-gateway-poddisruptionbudget.yaml
new file mode 100644
index 00000000..f84abdae
--- /dev/null
+++ b/templates/auth-gateway/auth-gateway-poddisruptionbudget.yaml
@@ -0,0 +1,14 @@
+{{- if and (.Values.auth_gateway.enabled) (gt (int .Values.auth_gateway.replicas) 1) (.Values.auth_gateway.podDisruptionBudget) }}
+apiVersion: {{ include "cortex.pdbVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "cortex.authGatewayFullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "cortex.authGatewayLabels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "cortex.authGatewaySelectorLabels" . | nindent 6 }}
+ {{- toYaml .Values.auth_gateway.podDisruptionBudget | nindent 2 }}
+{{- end }}
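Review bot: The Ingress in auth-gateway-ingress.yaml is gated on and rendered from the shared `.Values.ingress` block rather than from values of its own, while values.yaml keeps `nginx.enabled: true`. If the chart's existing nginx Ingress is rendered from the same block (that template is not part of this patch), enabling the gateway publishes two Ingress objects for the same hosts and paths, and whatever the controller routes to the nginx backend never passes through the auth gateway. Give the gateway its own `auth_gateway.ingress` values, or fail the render when both components are enabled together with `ingress.enabled`. The path should also be quoted like the host line above it, `- path: {{ . | quote }}`.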
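Review bot: The guard in auth-gateway-poddisruptionbudget.yaml looks only at `auth_gateway.replicas`, which the Deployment stops using once `autoscaling.enabled` is true, so an autoscaled gateway with `replicas` unset gets no PodDisruptionBudget even when `podDisruptionBudget` is configured. Consider `{{- if and .Values.auth_gateway.enabled .Values.auth_gateway.podDisruptionBudget (or .Values.auth_gateway.autoscaling.enabled (gt (int .Values.auth_gateway.replicas) 1)) }}` so that voluntary disruptions cannot take down every replica of the authentication path.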
diff --git a/templates/auth-gateway/auth-gateway-svc.yaml b/templates/auth-gateway/auth-gateway-svc.yaml new file mode 100644 index 00000000..b7ec56ef --- /dev/null +++ b/templates/auth-gateway/auth-gateway-svc.yaml @@ -0,0 +1,23 @@ +{{- if .Values.auth_gateway.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "cortex.authGatewayFullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "cortex.authGatewayLabels" . | nindent 4 }} + {{- with .Values.auth_gateway.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- toYaml .Values.auth_gateway.service.annotations | nindent 4 }} +spec: + type: {{ .Values.auth_gateway.service.type }} + ports: + - port: {{ .Values.auth_gateway.http_listen_port }} + protocol: TCP + name: http-metrics + targetPort: http-metrics + selector: + {{- include "cortex.authGatewaySelectorLabels" . | nindent 4 }} +{{- end }} From 4f376091b66960512c99be8e47627a0c05c18902 Mon Sep 17 00:00:00 2001 From: Friedrich Gonzalez Date: Tue, 1 Aug 2023 16:01:55 +0200 Subject: [PATCH 2/4] Disabled by default Signed-off-by: Friedrich Gonzalez --- values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/values.yaml b/values.yaml index 314bb8bf..68427665 100644 --- a/values.yaml +++ b/values.yaml @@ -1181,6 +1181,9 @@ purger: path: /ready port: http-metrics +auth_gateway: + enabled: false + nginx: enabled: true replicas: 2 From c62713f928308ca635b68124ba24490975ed3c0a Mon Sep 17 00:00:00 2001 From: Friedrich Gonzalez Date: Tue, 1 Aug 2023 16:07:34 +0200 Subject: [PATCH 3/4] Disable autoscaling Signed-off-by: Friedrich Gonzalez --- values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/values.yaml b/values.yaml index 68427665..ae1e045c 100644 --- a/values.yaml +++ b/values.yaml @@ -1183,6 +1183,8 @@ purger: auth_gateway: enabled: false + autoscaling: + enabled: false nginx: enabled: true From 76a6872fe40e85193aed126079a8fcc39d67328f Mon Sep 17 00:00:00 2001 
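Review bot: The `auth_gateway` block in values.yaml ends this series with only `enabled` and `autoscaling.enabled`, but the templates from PATCH 1/4 dereference nested keys that have no default, such as `.Values.auth_gateway.serviceAccount.name`, `.Values.auth_gateway.securityContext.enabled`, `.Values.auth_gateway.image.repository` and `.Values.auth_gateway.service.labels`. Setting `auth_gateway.enabled: true` on top of these defaults should therefore fail the render with a nil-pointer error, apparently the same failure PATCH 3/4 fixes for `autoscaling.enabled` alone. Add a complete default block here (image, replicas, http_listen_port, service, serviceAccount, securityContext, containerSecurityContext, probes, resources, configuration) so the component can be enabled with one flag and its security-relevant settings start from reviewed defaults rather than from whatever an operator remembers to set.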
From: Friedrich Gonzalez Date: Tue, 1 Aug 2023 16:11:03 +0200 Subject: [PATCH 4/4] Update docs Signed-off-by: Friedrich Gonzalez --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index ef5ee84b..a335f81b 100644 --- a/README.md +++ b/README.md @@ -162,6 +162,8 @@ Kubernetes: `^1.19.0-0` | alertmanager.​terminationGracePeriodSeconds | int | `60` | | | alertmanager.​tolerations | list | `[]` | Tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | | alertmanager.​topologySpreadConstraints | list | `[]` | | +| auth_gateway.​autoscaling.​enabled | bool | `false` | | +| auth_gateway.​enabled | bool | `false` | | | clusterDomain | string | `"cluster.local"` | Kubernetes cluster DNS domain | | compactor.​affinity.​podAntiAffinity.​preferredDuringSchedulingIgnoredDuringExecution[0].​podAffinityTerm.​labelSelector.​matchExpressions[0].​key | string | `"app.kubernetes.io/component"` | | | compactor.​affinity.​podAntiAffinity.​preferredDuringSchedulingIgnoredDuringExecution[0].​podAffinityTerm.​labelSelector.​matchExpressions[0].​operator | string | `"In"` | |