Add resources for pod disruption budgets and horizontal scaling (#81)

Signed-off-by: Spencer Gilbert <[email protected]>
pomerium · Apr 16, 2020 · 58c8703 · 58c8703
1 parent f396e7c
commit 58c8703
Show file tree

Hide file tree

Showing 13 changed files with 228 additions and 1 deletion.
diff --git a/charts/pomerium/Chart.yaml b/charts/pomerium/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: pomerium
-version: 8.0.1
+version: 8.1.0
 appVersion: 0.6.2
 home: http://www.pomerium.io/
 icon: https://www.pomerium.io/logo-long.svg

diff --git a/charts/pomerium/README.md b/charts/pomerium/README.md
diff --git a/charts/pomerium/templates/authenticate-deployment.yaml b/charts/pomerium/templates/authenticate-deployment.yaml
@@ -20,7 +20,9 @@ metadata:
  {{- end }}
 {{- end }}
 spec:
+  {{- if (ne .Values.authenticate.autoscaling.enabled true) }}
   replicas: {{ default .Values.replicaCount .Values.authenticate.replicaCount }}
+  {{- end }}
   selector:
     matchLabels:
       app.kubernetes.io/name: {{ template "pomerium.authenticate.name" . }}

diff --git a/charts/pomerium/templates/authenticate-hpa.yaml b/charts/pomerium/templates/authenticate-hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.authenticate.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ template "pomerium.authenticate.name" . }}
+    helm.sh/chart: {{ template "pomerium.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: authenticate
+  name: {{ template "pomerium.authenticate.fullname" . }}-hpa
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "pomerium.authenticate.fullname" . }}
+  minReplicas: {{ .Values.authenticate.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.authenticate.autoscaling.maxReplicas }}
+  metrics:
+{{- with .Values.authenticate.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ . }}
+{{- end }}
+{{- with .Values.authenticate.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ . }}
+{{- end }}
+{{- end }}
diff --git a/charts/pomerium/templates/authenticate-pdb.yaml b/charts/pomerium/templates/authenticate-pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.authenticate.pdb.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ template "pomerium.authenticate.name" . }}
+    helm.sh/chart: {{ template "pomerium.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: authenticate
+  name: {{ template "pomerium.authenticate.fullname" . }}-pdp
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "pomerium.authenticate.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  minAvailable: {{ .Values.authenticate.pdb.minAvailable }}
+{{- end }}
diff --git a/charts/pomerium/templates/authorize-deployment.yaml b/charts/pomerium/templates/authorize-deployment.yaml
@@ -22,7 +22,9 @@ metadata:
   {{- end }}
 {{- end }}
 spec:
+  {{- if (ne .Values.authorize.autoscaling.enabled true) }}
   replicas: {{ default .Values.replicaCount .Values.authorize.replicaCount }}
+  {{- end }}
   selector:
     matchLabels:
       app.kubernetes.io/name: {{ template "pomerium.authorize.name" . }}

diff --git a/charts/pomerium/templates/authorize-hpa.yaml b/charts/pomerium/templates/authorize-hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.authorize.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ template "pomerium.authorize.name" . }}
+    helm.sh/chart: {{ template "pomerium.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: authorize
+  name: {{ template "pomerium.authorize.fullname" . }}-hpa
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "pomerium.authorize.fullname" . }}
+  minReplicas: {{ .Values.authorize.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.authorize.autoscaling.maxReplicas }}
+  metrics:
+{{- with .Values.authorize.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ . }}
+{{- end }}
+{{- with .Values.authorize.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ . }}
+{{- end }}
+{{- end }}
diff --git a/charts/pomerium/templates/authorize-pdb.yaml b/charts/pomerium/templates/authorize-pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.authorize.pdb.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ template "pomerium.authorize.name" . }}
+    helm.sh/chart: {{ template "pomerium.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: authorize
+  name: {{ template "pomerium.authorize.fullname" . }}-pdp
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "pomerium.authorize.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  minAvailable: {{ .Values.authorize.pdb.minAvailable }}
+{{- end }}
diff --git a/charts/pomerium/templates/cache-pdb.yaml b/charts/pomerium/templates/cache-pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.cache.pdb.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ template "pomerium.cache.name" . }}
+    helm.sh/chart: {{ template "pomerium.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: cache
+  name: {{ template "pomerium.cache.fullname" . }}-pdp
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "pomerium.cache.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  minAvailable: {{ .Values.cache.pdb.minAvailable }}
+{{- end }}
diff --git a/charts/pomerium/templates/proxy-deployment.yaml b/charts/pomerium/templates/proxy-deployment.yaml
@@ -22,7 +22,9 @@ metadata:
   {{- end }}
 {{- end }}
 spec:
+  {{- if (ne .Values.proxy.autoscaling.enabled true) }}
   replicas: {{ default .Values.replicaCount .Values.proxy.replicaCount }}
+  {{- end }}
   selector:
     matchLabels:
       app.kubernetes.io/name: {{ template "pomerium.proxy.name" . }}

diff --git a/charts/pomerium/templates/proxy-hpa.yaml b/charts/pomerium/templates/proxy-hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.proxy.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ template "pomerium.proxy.name" . }}
+    helm.sh/chart: {{ template "pomerium.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: proxy
+  name: {{ template "pomerium.proxy.fullname" . }}-hpa
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "pomerium.proxy.fullname" . }}
+  minReplicas: {{ .Values.proxy.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.proxy.autoscaling.maxReplicas }}
+  metrics:
+{{- with .Values.proxy.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ . }}
+{{- end }}
+{{- with .Values.proxy.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ . }}
+{{- end }}
+{{- end }}
diff --git a/charts/pomerium/templates/proxy-pdb.yaml b/charts/pomerium/templates/proxy-pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.proxy.pdb.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ template "pomerium.proxy.name" . }}
+    helm.sh/chart: {{ template "pomerium.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: proxy
+  name: {{ template "pomerium.proxy.fullname" . }}-pdp
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "pomerium.proxy.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  minAvailable: {{ .Values.proxy.pdb.minAvailable }}
+{{- end }}
diff --git a/charts/pomerium/values.yaml b/charts/pomerium/values.yaml
@@ -44,6 +44,15 @@ authenticate:
     defaultSANList: []
     defaultIPList: []
   replicaCount: 1
+  autoscaling:
+    enabled: false
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 50
+    targetMemoryUtilizationPercentage: 50
+  pdb:
+    enabled: false
+    minAvailable: 1
   service:
     annotations: {}
   deployment:
@@ -60,6 +69,15 @@ authorize:
     defaultSANList: []
     defaultIPList: []
   replicaCount: 1
+  autoscaling:
+    enabled: false
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 50
+    targetMemoryUtilizationPercentage: 50
+  pdb:
+    enabled: false
+    minAvailable: 1
   service:
     annotations: {}
   deployment:
@@ -75,6 +93,9 @@ cache:
     defaultSANList: []
     defaultIPList: []
   replicaCount: 1
+  pdb:
+    enabled: false
+    minAvailable: 1
   service:
     annotations: {}
   deployment:
@@ -93,6 +114,15 @@ proxy:
   existingSigningKeySecret: ""
   signingKey: ""
   replicaCount: 1
+  autoscaling:
+    enabled: false
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 50
+    targetMemoryUtilizationPercentage: 50
+  pdb:
+    enabled: false
+    minAvailable: 1
   authenticateServiceUrl: ""
   authorizeInternalUrl: ""
   service: