Add HorizontalPodAutoscaler and PodDisruptionBudget resources to aws-crossplane blueprint

michaelvl · michaelvl · commit 6eef1faf4aaf · 2023-06-09T06:32:01.000+02:00
diff --git a/blueprints/aws-alb-crossplane/README.md b/blueprints/aws-alb-crossplane/README.md
@@ -6,7 +6,8 @@ infrastructure:
 - Application load balancer (ALB).
 - Security group for ALB, together with ingress and egress rules (for
   both data and healthchecks).
-- ALB target group and listener definitions.
+- ALB target group
+- ALB listener definitions for both terminating TLS (port 443) and redirecting HTTP (port 80) to HTTPS.
 
 This definition also includes the following Kubernetes infrastructure:
 
@@ -17,6 +18,8 @@ This definition also includes the following Kubernetes infrastructure:
   for propagating Kubernetes endpoints for the Istio ingress gateway
   to the AWS ALB target group. This links the Kubernetes internal and
   AWS infrastructure.
+- Optional HorizontalPodAutoscaler
+- Optional PodDisruptionBudget
 
 **Note** the ALB terminates TLS and forwards traffic un-encrypted to
 the Istio ingress gateway.
diff --git a/blueprints/aws-alb-crossplane/gatewayclassblueprint-aws-alb-crossplane.yaml b/blueprints/aws-alb-crossplane/gatewayclassblueprint-aws-alb-crossplane.yaml
@@ -11,9 +11,16 @@ spec:
         threshold: 2
         path: /healthz/ready
         port: 15021
+      hpa:
+        minReplicas: 1  # optional
+        maxReplicas: 3  # Optional, will default to minReplicas if minReplicas is defined
+        averageUtilization: 60
       ingressAcls:
         cidrs:
         - 0.0.0.0/0
+      pdb:
+        minAvailable: "1"
+        maxUnavailable:
       tags: []
     # Values required by this blueprint without defaults:
     #   providerConfigName: "example-crossplane-provider-name"
@@ -42,6 +49,7 @@ spec:
           namespace: {{ .Gateway.metadata.namespace }}
           annotations:
             networking.istio.io/service-type: ClusterIP
+            sidecar.istio.io/proxyCPU: "1"
             {{ if .Values.tags }}
             {{ toYaml .Values.tags | nindent 4 }}
             {{ end }}
@@ -337,6 +345,59 @@ spec:
                 tv2.dk/gw: {{ .Gateway.metadata.namespace }}-{{ .Gateway.metadata.name }}
             toPort: 15021
             type: ingress
+      hpa: |
+        {{ if or (get .Values.hpa "minReplicas") (get .Values.hpa "maxReplicas") }}
+        apiVersion: autoscaling/v2
+        kind: HorizontalPodAutoscaler
+        metadata:
+          labels:
+            tv2.dk/gw: {{ .Gateway.metadata.namespace }}-{{ .Gateway.metadata.name }}
+          name: gw-{{ .Gateway.metadata.namespace }}-{{ .Gateway.metadata.name }}
+          namespace: {{ .Gateway.metadata.namespace }}
+        spec:
+          scaleTargetRef:
+            apiVersion: apps/v1
+            kind: Deployment
+            name: {{ .Gateway.metadata.name }}-child-istio
+          {{ if get .Values.hpa "minReplicas" }}
+          minReplicas: {{ .Values.hpa.minReplicas }}
+          {{ end }}
+          {{ if get .Values.hpa "maxReplicas" }}
+          maxReplicas: {{ .Values.hpa.maxReplicas }}
+          {{ else }} # Ensure that max >= min
+            {{ if get .Values.hpa "minReplicas" }}
+          maxReplicas: {{ .Values.hpa.minReplicas }}
+            {{ end }}
+          {{ end }}
+          metrics:
+          - type: Resource
+            resource:
+              name: cpu
+              target:
+                type: Utilization
+                averageUtilization: {{ .Values.hpa.averageUtilization }}
+        {{ end }}
+      pdb: |
+        {{ if or (get .Values.pdb "minAvailable") (get .Values.pdb "maxUnavailable") }}
+        apiVersion: policy/v1
+        kind: PodDisruptionBudget
+        metadata:
+          labels:
+            tv2.dk/gw: {{ .Gateway.metadata.namespace }}-{{ .Gateway.metadata.name }}
+          name: gw-{{ .Gateway.metadata.namespace }}-{{ .Gateway.metadata.name }}
+          namespace: {{ .Gateway.metadata.namespace }}
+        spec:
+          {{ if get .Values.pdb "minAvailable" }}
+          minAvailable: {{ .Values.pdb.minAvailable }}
+          {{ else }}
+          maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+          {{ end }}
+          selector:
+            # Match the generated Deployment by label
+            matchLabels:
+              tv2.dk/gw: {{ .Gateway.metadata.namespace }}-{{ .Gateway.metadata.name }}
+              istio.io/gateway-name: {{ .Gateway.metadata.name }}-child
+        {{ end }}
 
   # The following are templates used to 'implement' a 'parent' HTTPRoute
   httpRouteTemplate:
diff --git a/hack/demo/show-resources.sh b/hack/demo/show-resources.sh
@@ -1,3 +1,3 @@
 #! /bin/bash
 
-kubectl get gateway,lbs,lbtargetgroups,lblisteners,securitygroups,securitygrouprules,targetgroupbindings -A | sed -E 's#(arn:aws:elasticloadbalancing:eu-central-1:)[0-9]+(:[-0-9a-z\/]+)#\11234567890\2#'
+kubectl get gateway,lbs,lbtargetgroups,lblisteners,securitygroups,securitygrouprules,targetgroupbindings,hpa,pdb -A | sed -E 's#(arn:aws:elasticloadbalancing:eu-central-1:)[0-9]+(:[-0-9a-z\/]+)#\11234567890\2#'

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`#! /bin/bash`
`2`	`2`
`3`		`-kubectl get gateway,lbs,lbtargetgroups,lblisteners,securitygroups,securitygrouprules,targetgroupbindings -A \| sed -E 's#(arn:aws:elasticloadbalancing:eu-central-1:)[0-9]+(:[-0-9a-z\/]+)#\11234567890\2#'`
	`3`	`+kubectl get gateway,lbs,lbtargetgroups,lblisteners,securitygroups,securitygrouprules,targetgroupbindings,hpa,pdb -A \| sed -E 's#(arn:aws:elasticloadbalancing:eu-central-1:)[0-9]+(:[-0-9a-z\/]+)#\11234567890\2#'`