From 4f0c946c1d5dc2b1af3e4d10675b67cb2913f4af Mon Sep 17 00:00:00 2001 From: QuentinBisson Date: Sat, 4 Nov 2023 15:22:56 +0100 Subject: [PATCH] fix retag Signed-off-by: QuentinBisson --- .circleci/config.yml | 54 +- CHANGELOG.md | 2 +- README.md | 87 +- helm/keda/Chart.yaml | 10 + helm/keda/README.md | 497 +++---- helm/keda/templates/14-keda-deployment.yaml | 7 +- .../templates/17-keda-servicemonitor.yaml | 2 +- .../19-keda-ciliumnetworkpolicy.yaml | 2 +- .../keda/templates/22-metrics-deployment.yaml | 7 +- .../templates/27-metrics-servicemonitor.yaml | 2 +- .../28-metrics-ciliumnetworkpolicy.yaml | 2 +- .../templates/30-webhooks-deployment.yaml | 7 +- .../templates/33-webhooks-servicemonitor.yaml | 2 +- .../36-webhooks-ciliumnetworkpolicy.yaml | 2 +- helm/keda/values.schema.json | 1242 +++++++++++++++++ helm/keda/values.yaml | 43 +- vendir.lock.yml | 6 +- vendir.yml | 4 +- 18 files changed, 1625 insertions(+), 353 deletions(-) create mode 100644 helm/keda/values.schema.json diff --git a/.circleci/config.yml b/.circleci/config.yml index 56ffd88..fa00855 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,10 +5,22 @@ orbs: workflows: package-and-push-chart-on-tag: jobs: + - architect/push-to-app-catalog: + context: "architect" + executor: "app-build-suite" + name: "push to default-catalog" + app_catalog: "default-catalog" + app_catalog_test: "default-test-catalog" + chart: "keda" + # Trigger job on git tag. + filters: + tags: + only: /^v.*/ + - architect/push-to-app-catalog: context: "architect" executor: "app-build-suite" # uncomment this if you want automatic metadata generation and helm chart linting - name: "package and push keda chart" + name: "push to giantswarm-catalog" app_catalog: "giantswarm-catalog" app_catalog_test: "giantswarm-test-catalog" chart: "keda" 
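Review bot: The added "push to default-catalog" job carries only a `tags` filter, so under CircleCI's filter rules it runs on every branch push as well as on `v*` tags, while its comment says `# Trigger job on git tag.`. The same holds for the renamed "push to giantswarm-catalog" job in this hunk and for "push to control-plane-catalog" in the next one. If branch builds are meant to publish to the `*-test-catalog` targets (the `app_catalog_test` parameter suggests this, but the orb's behaviour is not visible in this diff), the comment should say so, for example `# Runs on every branch (test catalog) and on v* tags (release catalog).`. If publishing should happen on tags only, add `branches:` with `ignore: /.*/` under `filters:`, as the two app-collection jobs do.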
@@ -16,3 +28,43 @@ workflows: filters: tags: only: /^v.*/ + + - architect/push-to-app-catalog: + context: "architect" + executor: "app-build-suite" # uncomment this if you want automatic metadata generation and helm chart linting + name: "push to control-plane-catalog" + app_catalog: "control-plane-catalog" + app_catalog_test: "control-plane-test-catalog" + chart: "keda" + # Trigger job on git tag. + filters: + tags: + only: /^v.*/ + + - architect/push-to-app-collection: + context: "architect" + name: aws-app-collection + app_name: "keda" + app_namespace: "kube-system" + app_collection_repo: "aws-app-collection" + requires: + - "push to control-plane-catalog" + filters: + branches: + ignore: /.*/ + tags: + only: /^v.*/ + + - architect/push-to-app-collection: + context: "architect" + name: azure-app-collection + app_name: "keda" + app_namespace: "kube-system" + app_collection_repo: "azure-app-collection" + requires: + - "push to control-plane-catalog" + filters: + branches: + ignore: /.*/ + tags: + only: /^v.*/ diff --git a/CHANGELOG.md b/CHANGELOG.md index d90f10a..121aa6f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -- changed: `app.giantswarm.io` label group was changed to `application.giantswarm.io` +- Create first app iteration. [Unreleased]: https://github.com/giantswarm/keda-app/tree/main diff --git a/README.md b/README.md index 258709b..334b464 100644 --- a/README.md +++ b/README.md 
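Review bot: Every release job added in this hunk is gated on `only: /^v.*/`, which matches any tag that merely starts with `v`, so a tag such as `vtest` would publish the chart to the catalogs and trigger the aws and azure app-collection pushes. Anchoring the pattern to a version shape, for example `only: /^v[0-9]+\.[0-9]+\.[0-9]+$/` (extended if pre-release tags are also released), narrows what can start a release; who may push tags is a repository setting outside this diff and worth confirming. Separately, the `executor` line of "push to control-plane-catalog" copies the trailing comment `# uncomment this if you want automatic metadata generation and helm chart linting` although the line is already active. `name: aws-app-collection` and `name: azure-app-collection` are also unquoted where the other job names are quoted.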
@@ -1,70 +1,61 @@ -[![CircleCI](https://dl.circleci.com/status-badge/img/gh/giantswarm/keda-app/tree/main.svg?style=svg)](https://dl.circleci.com/status-badge/redirect/gh/giantswarm/keda-app/tree/main) +[![CircleCI](https://circleci.com/gh/giantswarm/keda-app.svg?style=shield)](https://circleci.com/gh/giantswarm/keda-app) -[Read me after cloning this template (GS staff only)](https://handbook.giantswarm.io/docs/dev-and-releng/app-developer-processes/adding_app_to_appcatalog/) +# keda chart -# keda-app chart - -Giant Swarm offers a keda-app App which can be installed in workload clusters. -Here we define the keda-app chart with its templates and default configuration. - -**What is this app?** - -**Why did we add it?** - -**Who can use it?** +Giant Swarm offers a keda App which can be installed in workload clusters. ## Installing There are several ways to install this app onto a workload cluster. -- [Using GitOps to instantiate the App](https://docs.giantswarm.io/advanced/gitops/apps/) -- [Using our web interface](https://docs.giantswarm.io/platform-overview/web-interface/app-platform/#installing-an-app). -- By creating an [App resource](https://docs.giantswarm.io/use-the-api/management-api/crd/apps.application.giantswarm.io/) in the management cluster as explained in [Getting started with App Platform](https://docs.giantswarm.io/getting-started/app-platform/). - -## Configuring - -### values.yaml - -**This is an example of a values file you could upload using our web interface.** - -```yaml -# values.yaml - -``` - -### Sample App CR and ConfigMap for the management cluster +- [Using our web interface](https://docs.giantswarm.io/ui-api/web/app-platform/#installing-an-app). +- By creating an [App resource](https://docs.giantswarm.io/ui-api/management-api/crd/apps.application.giantswarm.io/) in the management cluster as explained in [Getting started with App Platform](https://docs.giantswarm.io/app-platform/getting-started/). 
-If you have access to the Kubernetes API on the management cluster, you could create -the App CR and ConfigMap directly. +## Upgrading keda version -Here is an example that would install the app to -workload cluster `abc12`: +The content of the `helm` folder are being generated by the `make` target called `make update-chart`. -```yaml -# appCR.yaml +This target uses [`vendir`](https://carvel.dev/vendir/) to fetch the helm chart contained in [the fork of the keda repository that we maintain](https://github.com/giantswarm/keda-upstream). +Currently, the state is the following: +- the `main` branch on the fork contains latest upstream release `v2.12.x`, with our custom changes on top unreleased yet (TO BE 2.x). +- the `giantswarm/v2.11.x` branch contains latest upstream release `v2.11.x`, with our custom changes on top unreleased yet (TO BE 1.x). +- the `giantswarm/v2.10.x` branch contains latest upstream release `v2.10.x`, with our custom changes on top released in keda-app 0.x. -``` +### Major or minor version upgrade -```yaml -# user-values-configmap.yaml +If you want to upgrade this keda-app to use a newer version of keda, you need to prepare our fork first. -``` +In `keda-upstream`: -See our [full reference on how to configure apps](https://docs.giantswarm.io/getting-started/app-platform/app-configuration/) for more details. +1. You need to create a new branch for the previous version (e.g. `giantswarm/v2.12.x` for upstream release `v2.12.x` using `git checkout v2.12.x -b giantswarm/v2.12.x`) and then `cherry-pick` our changes from `main` into it or create the release branch from main (`git checkout main -b giantswarm/v2.12.x`) +2. Update the `main branch` to reflect latest upstream changes (sync fork should suffice). +3. Apply our custom changes on top of that new branch. You can use `cherry-pick` for that. -## Compatibility +In `keda-app`: -This app has been tested to work with the following workload cluster release versions: +4. 
Run the make target `APPLICATION=keda make update-chart && helm-docs helm/keda` +5. Update schema: `helm schema-gen helm/keda/values.yaml > helm/keda/values.schema.json` +6. Create a new pull request in `keda-app` with the generated changes. +If you need further customizations, you can keep adding commits on the new `keda-upstream` branch, and re-run `APPLICATION=keda make update-chart && helm-docs helm/keda` to update the generated files. +Do not forget to review this README. +7. Merge the changes in `keda-app` once you're happy with the changes and you've tested it works in a workload cluster. +8. Release a new major version of our `keda app` -- _add release version_ +### Patch version upgrade -## Limitations +If you want to upgrade this keda-app to use a newer version of keda, you need to prepare our fork first. -Some apps have restrictions on how they can be deployed. -Not following these limitations will most likely result in a broken deployment. +In `keda-upstream`: -- _add limitation_ +1. Go the the branch of the version you want to patch (e.g. `giantswarm/v2.10.x`). +2. Fetch latest tags from upstream: `git fetch --tags upstream` with upstream pointing to the upstream keda repository +3. Rebase the upstream tag (`git rebase -i `) -## Credit +In `keda-app`: -- {APP HELM REPOSITORY} +4. Run the make target `APPLICATION=keda make update-chart && helm-docs helm/keda` in the correct release branch (`0.x for keda 2.10`) +5. Update schema: `helm schema-gen helm/keda/values.yaml > helm/keda/values.schema.json` +6. Create a new pull request in `keda-app` with the generated changes. +If you need further customizations, you can keep adding commits on the new `keda-upstream` branch, and re-run `APPLICATION=keda make update-chart && helm-docs helm/keda` to update the generated files. +7. Merge the changes in `keda-app` once you're happy with the changes and you've tested it works in a workload cluster. +8. Release a new major version of our `keda app` 
diff --git a/helm/keda/Chart.yaml b/helm/keda/Chart.yaml index 97426ba..f6ad597 100644 --- a/helm/keda/Chart.yaml +++ b/helm/keda/Chart.yaml @@ -4,9 +4,19 @@ annotations: apiVersion: v2 name: keda description: Event-based autoscaler for workloads on Kubernetes + +# Specify the Kubernetes version range that we support. +# We allow pre-release versions for cloud-specific Kubernetes versions such as v1.21.5-gke.1302 or v1.18.9-eks-d1db3c kubeVersion: ">=v1.24.0-0" + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. appVersion: 2.10.1 + home: https://github.com/giantswarm/keda-app icon: https://raw.githubusercontent.com/kedacore/keda/main/images/keda-logo-500x500-white.png sources: diff --git a/helm/keda/README.md b/helm/keda/README.md index 9af7f82..bf42f10 100644 --- a/helm/keda/README.md +++ b/helm/keda/README.md @@ -1,276 +1,223 @@ -

-

Kubernetes-based Event Driven Autoscaling

+# keda + +![Version: 0.1.x](https://img.shields.io/badge/Version-0.1.x-informational?style=flat-square) ![AppVersion: 2.10.1](https://img.shields.io/badge/AppVersion-2.10.1-informational?style=flat-square) + +Event-based autoscaler for workloads on Kubernetes + +**Homepage:** + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.24.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Custom annotations to add into metadata | +| additionalLabels | object | `{}` | Custom labels to add into metadata | +| affinity | object | `{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["keda-operator","keda-operator-metrics-apiserver"]}]},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for pod scheduling https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/ for both KEDA operator and Metrics API Server | +| certificates.autoGenerated | bool | `true` | | +| certificates.certManager.caSecretName | string | `"kedaorg-ca"` | | +| certificates.certManager.enabled | bool | `true` | | +| certificates.certManager.generateCA | bool | `true` | | +| certificates.certManager.secretTemplate | object | `{}` | | +| certificates.mountPath | string | `"/certs"` | | +| certificates.secretName | string | `"kedaorg-certs"` | | +| clusterDomain | string | `"cluster.local"` | | +| crds.install | bool | `true` | | +| env | string | `nil` | | +| extraArgs.keda | object | `{}` | | +| extraArgs.metricsAdapter | object | `{}` | | +| global.image.registry | string | `"docker.io"` | Global image registry of KEDA components | +| grpcTLSCertsSecret | string | `""` | | +| hashiCorpVaultTLS | string | `""` | | +| http.keepAlive.enabled | bool | `true` | | +| http.minTlsVersion | string | `"TLS12"` | | +| http.timeout | int | `3000` | | +| image.keda.registry | string | 
`nil` | Image registry of KEDA operator | +| image.keda.repository | string | `"giantswarm/keda"` | Image name of KEDA operator | +| image.keda.tag | string | `""` | Image tag of KEDA operator. Optional, given app version of Helm chart is used by default | +| image.metricsApiServer.registry | string | `nil` | Image registry of KEDA Metrics API Server | +| image.metricsApiServer.repository | string | `"giantswarm/keda-metrics-apiserver"` | Image name of KEDA Metrics API Server | +| image.metricsApiServer.tag | string | `""` | Image tag of KEDA Metrics API Server. Optional, given app version of Helm chart is used by default | +| image.pullPolicy | string | `"Always"` | Image pullPolicy for all KEDA components | +| image.webhooks.registry | string | `nil` | Image registry of KEDA admission-webhooks | +| image.webhooks.repository | string | `"giantswarm/keda-admission-webhooks"` | Image name of KEDA admission-webhooks | +| image.webhooks.tag | string | `""` | Image tag of KEDA admission-webhooks . Optional, given app version of Helm chart is used by default | +| imagePullSecrets | list | `[]` | | +| logging.metricServer.level | int | `0` | | +| logging.operator.format | string | `"console"` | | +| logging.operator.level | string | `"info"` | | +| logging.operator.timeEncoding | string | `"rfc3339"` | | +| logging.webhooks.format | string | `"console"` | | +| logging.webhooks.level | string | `"info"` | | +| logging.webhooks.timeEncoding | string | `"rfc3339"` | | +| metricsServer.affinity | object | `{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["keda-operator-metrics-apiserver"]}]},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for pod scheduling https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/ for Metrics API Server. 
Takes precedence over the `affinity` field | +| metricsServer.dnsPolicy | string | `"ClusterFirst"` | | +| metricsServer.replicaCount | int | `1` | | +| metricsServer.useHostNetwork | bool | `false` | | +| networkPolicy.enabled | bool | `true` | | +| networkPolicy.flavor | string | `"cilium"` | | +| nodeSelector | object | `{}` | | +| operator.affinity | object | `{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["keda-operator"]}]},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for pod scheduling https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/ for KEDA operator. Takes precedence over the `affinity` field | +| operator.name | string | `"keda-operator"` | | +| operator.replicaCount | int | `1` | | +| permissions.metricServer.restrict.secret | bool | `false` | | +| permissions.operator.restrict.secret | bool | `false` | | +| podAnnotations.keda | object | `{}` | | +| podAnnotations.metricsAdapter | object | `{}` | | +| podAnnotations.webhooks | object | `{}` | | +| podDisruptionBudget.metricServer.minAvailable | int | `1` | | +| podDisruptionBudget.operator.minAvailable | int | `1` | | +| podDisruptionBudget.webhooks.minAvailable | int | `1` | | +| podIdentity.activeDirectory.identity | string | `""` | | +| podIdentity.aws.irsa.audience | string | `"sts.amazonaws.com"` | | +| podIdentity.aws.irsa.enabled | bool | `false` | | +| podIdentity.aws.irsa.roleArn | string | `""` | | +| podIdentity.aws.irsa.stsRegionalEndpoints | string | `"true"` | | +| podIdentity.aws.irsa.tokenExpiration | int | `86400` | | +| podIdentity.azureWorkload.clientId | string | `""` | | +| podIdentity.azureWorkload.enabled | bool | `false` | | +| podIdentity.azureWorkload.tenantId | string | `""` | | +| podIdentity.azureWorkload.tokenExpiration | int | `3600` | | +| podLabels.keda | object | `{}` | | +| podLabels.metricsAdapter | object | `{}` 
| | +| podLabels.webhooks | object | `{}` | | +| podSecurityContext.metricServer.fsGroup | int | `1000` | | +| podSecurityContext.metricServer.runAsGroup | int | `1000` | | +| podSecurityContext.metricServer.runAsNonRoot | bool | `true` | | +| podSecurityContext.metricServer.runAsUser | int | `1000` | | +| podSecurityContext.operator.fsGroup | int | `1000` | | +| podSecurityContext.operator.runAsGroup | int | `1000` | | +| podSecurityContext.operator.runAsNonRoot | bool | `true` | | +| podSecurityContext.operator.runAsUser | int | `1000` | | +| podSecurityContext.webhooks.fsGroup | int | `1000` | | +| podSecurityContext.webhooks.runAsGroup | int | `1000` | | +| podSecurityContext.webhooks.runAsNonRoot | bool | `true` | | +| podSecurityContext.webhooks.runAsUser | int | `1000` | | +| priorityClassName | string | `""` | | +| prometheus.metricServer.enabled | bool | `true` | | +| prometheus.metricServer.path | string | `"/metrics"` | | +| prometheus.metricServer.podMonitor.additionalLabels | object | `{}` | | +| prometheus.metricServer.podMonitor.enabled | bool | `false` | | +| prometheus.metricServer.podMonitor.interval | string | `nil` | | +| prometheus.metricServer.podMonitor.namespace | string | `nil` | | +| prometheus.metricServer.podMonitor.relabelings | list | `[]` | | +| prometheus.metricServer.podMonitor.scrapeTimeout | string | `nil` | | +| prometheus.metricServer.port | int | `9022` | | +| prometheus.metricServer.portName | string | `"metrics"` | | +| prometheus.metricServer.serviceMonitor.additionalLabels | object | `{}` | | +| prometheus.metricServer.serviceMonitor.enabled | bool | `true` | | +| prometheus.metricServer.serviceMonitor.interval | string | `nil` | | +| prometheus.metricServer.serviceMonitor.jobLabel | string | `nil` | | +| prometheus.metricServer.serviceMonitor.podTargetLabels | list | `[]` | | +| prometheus.metricServer.serviceMonitor.port | string | `"metrics"` | | +| prometheus.metricServer.serviceMonitor.relabellings[0].replacement | 
string | `"keda"` | | +| prometheus.metricServer.serviceMonitor.relabellings[0].targetLabel | string | `"app"` | | +| prometheus.metricServer.serviceMonitor.scrapeTimeout | string | `nil` | | +| prometheus.metricServer.serviceMonitor.targetLabels | list | `[]` | | +| prometheus.metricServer.serviceMonitor.targetPort | string | `nil` | | +| prometheus.operator.enabled | bool | `true` | | +| prometheus.operator.podMonitor.additionalLabels | object | `{}` | | +| prometheus.operator.podMonitor.enabled | bool | `false` | | +| prometheus.operator.podMonitor.interval | string | `nil` | | +| prometheus.operator.podMonitor.namespace | string | `nil` | | +| prometheus.operator.podMonitor.relabelings | list | `[]` | | +| prometheus.operator.podMonitor.scrapeTimeout | string | `nil` | | +| prometheus.operator.port | int | `8080` | | +| prometheus.operator.prometheusRules.additionalLabels | object | `{}` | | +| prometheus.operator.prometheusRules.alerts | list | `[]` | | +| prometheus.operator.prometheusRules.enabled | bool | `false` | | +| prometheus.operator.prometheusRules.namespace | string | `nil` | | +| prometheus.operator.serviceMonitor.additionalLabels | object | `{}` | | +| prometheus.operator.serviceMonitor.enabled | bool | `true` | | +| prometheus.operator.serviceMonitor.interval | string | `nil` | | +| prometheus.operator.serviceMonitor.jobLabel | string | `nil` | | +| prometheus.operator.serviceMonitor.podTargetLabels | list | `[]` | | +| prometheus.operator.serviceMonitor.port | string | `"metrics"` | | +| prometheus.operator.serviceMonitor.relabellings[0].replacement | string | `"keda"` | | +| prometheus.operator.serviceMonitor.relabellings[0].targetLabel | string | `"app"` | | +| prometheus.operator.serviceMonitor.scrapeTimeout | string | `nil` | | +| prometheus.operator.serviceMonitor.targetLabels | list | `[]` | | +| prometheus.operator.serviceMonitor.targetPort | string | `nil` | | +| prometheus.webhooks.enabled | bool | `true` | | +| prometheus.webhooks.port 
| int | `8080` | | +| prometheus.webhooks.prometheusRules.additionalLabels | object | `{}` | | +| prometheus.webhooks.prometheusRules.alerts | list | `[]` | | +| prometheus.webhooks.prometheusRules.enabled | bool | `false` | | +| prometheus.webhooks.prometheusRules.namespace | string | `nil` | | +| prometheus.webhooks.serviceMonitor.additionalLabels | object | `{}` | | +| prometheus.webhooks.serviceMonitor.enabled | bool | `true` | | +| prometheus.webhooks.serviceMonitor.interval | string | `nil` | | +| prometheus.webhooks.serviceMonitor.jobLabel | string | `nil` | | +| prometheus.webhooks.serviceMonitor.podTargetLabels | list | `[]` | | +| prometheus.webhooks.serviceMonitor.port | string | `"metrics"` | | +| prometheus.webhooks.serviceMonitor.relabellings[0].replacement | string | `"keda"` | | +| prometheus.webhooks.serviceMonitor.relabellings[0].targetLabel | string | `"app"` | | +| prometheus.webhooks.serviceMonitor.scrapeTimeout | string | `nil` | | +| prometheus.webhooks.serviceMonitor.targetLabels | list | `[]` | | +| prometheus.webhooks.serviceMonitor.targetPort | string | `nil` | | +| rbac.create | bool | `true` | | +| resources.metricServer.limits.cpu | int | `1` | | +| resources.metricServer.limits.memory | string | `"1000Mi"` | | +| resources.metricServer.requests.cpu | string | `"100m"` | | +| resources.metricServer.requests.memory | string | `"100Mi"` | | +| resources.operator.limits.cpu | int | `1` | | +| resources.operator.limits.memory | string | `"1000Mi"` | | +| resources.operator.requests.cpu | string | `"100m"` | | +| resources.operator.requests.memory | string | `"100Mi"` | | +| resources.webhooks.limits.cpu | string | `"50m"` | | +| resources.webhooks.limits.memory | string | `"100Mi"` | | +| resources.webhooks.requests.cpu | string | `"10m"` | | +| resources.webhooks.requests.memory | string | `"10Mi"` | | +| securityContext.metricServer.allowPrivilegeEscalation | bool | `false` | | +| securityContext.metricServer.capabilities.drop[0] | 
string | `"ALL"` | | +| securityContext.metricServer.readOnlyRootFilesystem | bool | `true` | | +| securityContext.metricServer.seccompProfile.type | string | `"RuntimeDefault"` | | +| securityContext.operator.allowPrivilegeEscalation | bool | `false` | | +| securityContext.operator.capabilities.drop[0] | string | `"ALL"` | | +| securityContext.operator.readOnlyRootFilesystem | bool | `true` | | +| securityContext.operator.seccompProfile.type | string | `"RuntimeDefault"` | | +| securityContext.webhooks.allowPrivilegeEscalation | bool | `false` | | +| securityContext.webhooks.capabilities.drop[0] | string | `"ALL"` | | +| securityContext.webhooks.readOnlyRootFilesystem | bool | `true` | | +| securityContext.webhooks.seccompProfile.type | string | `"RuntimeDefault"` | | +| service.annotations | object | `{}` | | +| service.portHttp | int | `80` | | +| service.portHttpTarget | int | `8080` | | +| service.portHttps | int | `443` | | +| service.portHttpsTarget | int | `6443` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automountServiceAccountToken | bool | `true` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `"keda-operator"` | | +| tolerations | list | `[]` | | +| topologySpreadConstraints | object | `{}` | Pod Topology Constraints https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | +| upgradeStrategy.metricsApiServer.rollingUpdate.maxSurge | int | `1` | | +| upgradeStrategy.metricsApiServer.rollingUpdate.maxUnavailable | int | `1` | | +| upgradeStrategy.metricsApiServer.type | string | `"RollingUpdate"` | | +| upgradeStrategy.operator.rollingUpdate.maxSurge | int | `1` | | +| upgradeStrategy.operator.rollingUpdate.maxUnavailable | int | `1` | | +| upgradeStrategy.operator.type | string | `"RollingUpdate"` | | +| upgradeStrategy.webhooks.rollingUpdate.maxSurge | int | `1` | | +| 
upgradeStrategy.webhooks.rollingUpdate.maxUnavailable | int | `1` | | +| upgradeStrategy.webhooks.type | string | `"RollingUpdate"` | | +| volumes.keda.extraVolumeMounts | list | `[]` | | +| volumes.keda.extraVolumes | list | `[]` | | +| volumes.metricsApiServer.extraVolumeMounts | list | `[]` | | +| volumes.metricsApiServer.extraVolumes | list | `[]` | | +| volumes.webhooks.extraVolumeMounts | list | `[]` | | +| volumes.webhooks.extraVolumes | list | `[]` | | +| watchNamespace | string | `""` | | +| webhooks.affinity | object | `{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["keda-operator"]}]},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for pod scheduling https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/ for KEDA operator. Takes precedence over the `affinity` field | +| webhooks.enabled | bool | `true` | | +| webhooks.failurePolicy | string | `"Ignore"` | | +| webhooks.name | string | `"keda-admission-webhooks"` | | +| webhooks.replicaCount | int | `1` | | -KEDA allows for fine grained autoscaling (including to/from zero) for event driven Kubernetes workloads. KEDA serves as a Kubernetes Metrics Server and allows users to define autoscaling rules using a dedicated Kubernetes custom resource definition. - -KEDA can run on both the cloud and the edge, integrates natively with Kubernetes components such as the Horizontal Pod Autoscaler, and has no external dependencies. - ---- -

-We are a Cloud Native Computing Foundation (CNCF) incubation project. - - -

- ---- - -## TL;DR - -```console -helm repo add kedacore https://kedacore.github.io/charts -helm repo update - -kubectl create namespace keda -helm install keda kedacore/keda --namespace keda --version 2.10.2 -``` - -## Introduction - -This chart bootstraps KEDA infrastructure on a Kubernetes cluster using the Helm package manager. - -As part of that, it will install all the required Custom Resource Definitions (CRD). - -## Installing the Chart - -To install the chart with the release name `keda`: - -```console -$ kubectl create namespace keda -$ helm install keda kedacore/keda --namespace keda --version 2.10.0 -``` - -## Uninstalling the Chart - -To uninstall/delete the `keda` Helm chart: - -```console -helm uninstall keda -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the KEDA chart and -their default values. - -| Parameter | Description | Default | -|:-----------------------------------------------------------|:------------------------------------------|:------------------------------------------------| -| `image.keda.repository` | Image name of KEDA operator | `ghcr.io/kedacore/keda` | -| `image.keda.tag` | Image tag of KEDA operator. Optional, given app version of Helm chart is used by default | `` | -| `image.metricsApiServer.repository` | Image name of KEDA Metrics API Server | `ghcr.io/kedacore/keda-metrics-apiserver` | -| `image.metricsApiServer.tag` | Image tag of KEDA Metrics API Server. Optional, given app version of Helm chart is used by default | `` | -| `image.webhooks.repository` | Image name of KEDA admission-webhooks | `ghcr.io/kedacore/keda-admission-webhooks` | -| `image.webhooks.tag` | Image tag of KEDA admission-webhooks . 
Optional, given app version of Helm chart is used by default | `` | -| `clusterDomain` | The cluster domain name | `cluster.local` | -| `crds.install` | Defines whether the KEDA CRDs have to be installed or not. | `true` | -| `watchNamespace` | Defines Kubernetes namespaces to watch to scale their workloads. Default watches all namespaces | `` | -| `operator.name` | Name of the KEDA operator | `keda-operator` | -| `operator.replicaCount` | Capability to configure the number of replicas for KEDA operator.

While you can run more replicas of our operator, only one operator instance will be the leader and serving traffic.

You can run multiple replicas, but they will not improve the performance of KEDA, it could only reduce downtime during a failover.

Learn more in [our documentation](https://keda.sh/docs/latest/operate/cluster/#high-availability).| `1` | -| `operator.affinity` | Affinity for pod scheduling ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)) for KEDA operator. Takes precedence over the `affinity` field | `{}` | -| `metricsServer.replicaCount` | Capability to configure the number of replicas for KEDA metric server.

While you can run more replicas of our metric server, only one instance will used and serve traffic.

You can run multiple replicas, but they will not improve the performance of KEDA, it could only reduce downtime during a failover.

Learn more in [our documentation](https://keda.sh/docs/latest/operate/cluster/#high-availability).| `1` | -| `metricsServer.dnsPolicy` | Defined the DNS policy for the metric server | `ClusterFirst` -| `metricsServer.useHostNetwork` | Enable metric server to use host network | `false` -| `metricsServer.affinity` | Affinity for pod scheduling ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)) for Metrics API Server. Takes precedence over the `affinity` field | `{}` | -| `webhooks.enable` | Enable admission webhooks (this feature option will be removed in v2.12) | `true` | -| `webhooks.name` | Name of the KEDA admission webhooks | `keda-admission-webhooks` | -| `webhooks.replicaCount` | Capability to configure the number of replicas for KEDA admission webhooks | `1` | -| `webhooks.affinity` | Affinity for pod scheduling ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)) for KEDA admission webhooks. 
Takes precedence over the `affinity` field | `{}` | -| `webhooks.failurePolicy` | [Failure policy](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy) to use with KEDA admission webhooks | `Ignore` | -| `imagePullSecrets` | Name of secret to use to pull images to use to pull Docker images | `[]` | -| `additionalLabels` | Additional labels to apply to KEDA workloads | `{}` | -| `additionalAnnotations` | Additional annotations to apply to KEDA workloads | `{}` | -| `podAnnotations.keda` | Pod annotations for KEDA operator | `{}` | -| `podAnnotations.metricsAdapter` | Pod annotations for KEDA Metrics Adapter | `{}` | -| `podAnnotations.webhooks` | Pod annotations for KEDA Admission webhooks | `{}` | -| `upgradeStrategy.operator` | Capability to configure [Deployment upgrade strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) for operator | `{}` | -| `upgradeStrategy.metricsApiServer` | Capability to configure [Deployment upgrade strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) for Metrics Api Server | `{}` | -| `upgradeStrategy.webhooks` | Capability to configure [Deployment upgrade strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) for Admission webhooks | `{}` | -| `podDisruptionBudget.operator` | Capability to configure [Pod Disruption Budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) | `{}` | -| `podDisruptionBudget.metricServer` | Capability to configure [Pod Disruption Budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) | `{}` | -| `podDisruptionBudget.webhooks` | Capability to configure [Pod Disruption Budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) | `{}` | -| `podLabels.keda` | Pod labels for KEDA operator | `{}` | -| `podLabels.metricsAdapter` | Pod labels for KEDA Metrics Adapter | `{}` | -| `podLabels.webhooks` | Pod 
labels for KEDA Admission webhooks | `{}` | -| `rbac.create` | Specifies whether RBAC should be used | `true` | -| `serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated. | `keda-operator` | -| `serviceAccount.automountServiceAccountToken` | Specifies whether created service account should automount API-Credentials | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | -| `podIdentity.activeDirectory.identity` | Identity in Azure Active Directory to use for Azure pod identity | `` | -| `podIdentity.azureWorkload.clientId` | Id of Azure Active Directory Client to use for authentication with Azure Workload Identity. ([docs](https://keda.sh/docs/concepts/authentication/#azure-workload-identity)) | `` | -| `podIdentity.azureWorkload.enabled` | Specifies whether [Azure Workload Identity](https://azure.github.io/azure-workload-identity/) is to be enabled or not. ([docs](https://keda.sh/docs/concepts/authentication/#azure-workload-identity)) | `false` | -| `podIdentity.azureWorkload.tenantId` | Id Azure Active Directory Tenant to use for authentication with for Azure Workload Identity. ([docs](https://keda.sh/docs/concepts/authentication/#azure-workload-identity)) | `` | -| `podIdentity.azureWorkload.tokenExpiration` | Duration in seconds to automatically expire tokens for the service account. ([docs](https://keda.sh/docs/concepts/authentication/#azure-workload-identity)) | `3600` | -| `podIdentity.aws.irsa.audience` | Sets the token audience for IRSA. | `sts.amazonaws.com` | -| `podIdentity.aws.irsa.enabled` | Specifies whether [AWS IAM Roles for Service Accounts (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) is to be enabled or not. 
| `false` | -| `podIdentity.aws.irsa.roleArn` | ARN of an IRSA IAM role with a web identity provider to use for authentication via STS. | `` | -| `podIdentity.aws.irsa.stsRegionalEndpoints` | Sets the use of an STS regional endpoint instead of global. Recommended to use regional endpoint in almost all cases. | `true` | -| `podIdentity.aws.irsa.tokenExpiration` | Duration in seconds to automatically expire tokens for the service account. | `86400` | -| `grpcTLSCertsSecret` | Name of the secret that will be mounted to the /grpccerts path on the Pod to communicate over TLS with external scaler(s) (recommended). | ``| -| `hashiCorpVaultTLS` | Name of the secret that will be mounted to the /vault path on the Pod to communicate over TLS with HashiCorp Vault (recommended). | `` | -| `logging.operator.level` | Logging level for KEDA Operator. Allowed values are 'debug', 'info' & 'error'. | `info` | -| `logging.operator.format` | Logging format for KEDA Operator. Allowed values are 'console' & 'json'. | `console` | -| `logging.operator.timeEncoding` | Logging time format for KEDA Operator. Allowed values are 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'. | `rfc3339` | -| `logging.metricServer.level` | Logging level for Metrics Server.Policy to use to pull Docker images. Allowed values are '0' for info, '4' for debug, or an integer value greater than 0, specified as string. You can find all allowed options [here](https://github.com/kubernetes/klog/blob/main/internal/severity/severity.go#L30). | `0` | -| `logging.webhooks.level` | Logging level for KEDA Admission webhooks. Allowed values are 'debug', 'info' & 'error'. | `info` | -| `logging.webhooks.format` | Logging format for KEDA Admission webhooks. Allowed values are 'console' & 'json'. | `console` | -| `logging.webhooks.timeEncoding` | Logging time format for KEDA Admission webhooks. Allowed values are 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'. 
| `rfc3339` | -| `securityContext` | Security context for all containers ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)) | [See below](#KEDA-is-secure-by-default) | -| `securityContext.operator` | Security context of the operator container ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)) | [See below](#KEDA-is-secure-by-default) | -| `securityContext.metricServer` | Security context of the metricServer container ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)) | [See below](#KEDA-is-secure-by-default) | -| `securityContext.webhooks` | Security context of the admission webhooks container ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)) | [See below](#KEDA-is-secure-by-default) | -| `podSecurityContext` | Pod security context for all pods ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)) | [See below](#KEDA-is-secure-by-default) | -| `podSecurityContext.operator` | Pod security context of the KEDA operator pod ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)) | [See below](#KEDA-is-secure-by-default) | -| `podSecurityContext.metricServer` | Pod security context of the KEDA metrics apiserver pod ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)) | [See below](#KEDA-is-secure-by-default) | -| `podSecurityContext.webhooks` | Pod security context of the KEDA admission webhooks pod ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)) | [See below](#KEDA-is-secure-by-default) | -| `resources` | Manage resource request & limits of all KEDA workloads ([docs](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)) 
| `{}` | -| `resources.operator` | Manage resource request & limits of KEDA operator pod ([docs](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)) | `` | -| `resources.metricServer` | Manage resource request & limits of KEDA metrics apiserver pod ([docs](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)) | `` | -| `resources.webhooks` | Manage resource request & limits of KEDA admission webhooks pod ([docs](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)) | `` | -| `nodeSelector` | Node selector for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)) | `{}` | -| `tolerations` | Tolerations for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)) | `[]` | -| `topologySpreadConstraints.operator` | object | `{}` | Pod Topology Constraints of KEDA operator pod https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | -| `topologySpreadConstraints.metricsServer` | object | `{}` | Pod Topology Constraints of KEDA metrics apiserver pod https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | -| `topologySpreadConstraints.webhooks` | object | `{}` | Pod Topology Constraints of KEDA admission webhooks pod https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | -| `affinity` | Affinity for pod scheduling ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)) for both KEDA operator and Metrics API Server | `{}` | -| `priorityClassName` | Pod priority for KEDA Operator and Metrics Adapter ([docs](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/)) | `` | -| `extraArgs.keda` | Additional KEDA Operator container arguments| `{}` | -| `extraArgs.metricsAdapter` | Additional Metrics Adapter container arguments | `{}` | -| `env` | 
Additional environment variables that will be passed onto KEDA operator and metrics api service | `` | -| `http.timeout` | The default HTTP timeout to use for all scalers that use raw HTTP clients (some scalers use SDKs to access target services. These have built-in HTTP clients, and the timeout does not necessarily apply to them) | `` | -| `http.minTlsVersion` | The minimum TLS version to use for all scalers that use raw HTTP clients (some scalers use SDKs to access target services. These have built-in HTTP clients, and this value does not necessarily apply to them) | `` | -| `service.annotations` | Annotations to add the KEDA Metric Server service | `{}` | -| `service.portHttp` | Service HTTP port for KEDA Metric Server service | `80` | -| `service.portHttpTarget` | Service HTTP port for KEDA Metric Server container | `8080` | -| `service.portHttps` | HTTPS port for KEDA Metric Server service | `443` | -| `service.portHttpsTarget` | HTTPS port for KEDA Metric Server container | `6443` | -| `prometheus.metricServer.enabled` | Enable metric server Prometheus metrics expose | `false` | -| `prometheus.metricServer.port` | HTTP port used for exposing metrics server prometheus metrics | `9022` | -| `prometheus.metricServer.portName` | HTTP port name for exposing metrics server prometheus metrics | `metrics` | -| `prometheus.metricServer.path` | Path used for exposing metric server prometheus metrics | `/metrics` | -| `prometheus.metricServer.podMonitor.enabled` | Enable monitoring for metric server using podMonitor crd (prometheus operator) | `false` | -| `prometheus.metricServer.podMonitor.interval` | Scraping interval for metric server using podMonitor crd (prometheus operator) | `` | -| `prometheus.metricServer.podMonitor.scrapeTimeout` | Scraping timeout for metric server using podMonitor crd (prometheus operator) | `` | -| `prometheus.metricServer.podMonitor.namespace` | Scraping namespace for metric server using podMonitor crd (prometheus operator) | `` | -| 
`prometheus.metricServer.podMonitor.additionalLabels` | Additional labels to add for metric server using podMonitor crd (prometheus operator) | `{}` | -| `prometheus.metricServer.podMonitor.relabelings` | List of expressions that define custom relabeling rules for metric server podMonitor crd (prometheus operator) | `[]` | -| `prometheus.metricServer.serviceMonitor.enabled` | Enable monitoring for metric server using podMonitor crd (prometheus operator) | `false` | -| `prometheus.metricServer.serviceMonitor.jobLabel` | JobLabel selects the label from the associated Kubernetes service which will be used as the job label for all metrics. [ServiceMonitor Spec](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor) | `` | -| `prometheus.metricServer.serviceMonitor.targetLabels` | TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics | `[]` | -| `prometheus.metricServer.serviceMonitor.podTargetLabels` | PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics | `[]` | -| `prometheus.metricServer.serviceMonitor.port` | Name of the service port this endpoint refers to. Mutually exclusive with targetPort | `metrics` | -| `prometheus.metricServer.serviceMonitor.targetPort` | Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port | `` | -| `prometheus.metricServer.serviceMonitor.interval` | Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used. 
| `` | -| `prometheus.metricServer.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used | `` | -| `prometheus.metricServer.serviceMonitor.relabellings` | List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.RelabelConfig) | `[]` | -| `prometheus.metricServer.serviceMonitor.additionalLabels` | Additional labels to add for metric server using ServiceMonitor crd (prometheus operator) | `{}` | -| `prometheus.operator.enabled` | Enable KEDA Operator prometheus metrics expose | `false` | -| `prometheus.operator.port` | Port used for exposing KEDA Operator prometheus metrics | `8080` | -| `prometheus.operator.podMonitor.enabled` | Enable monitoring for KEDA Operator using podMonitor crd (prometheus operator) | `false` | -| `prometheus.operator.podMonitor.interval` | Scraping interval for KEDA Operator using podMonitor crd (prometheus operator) | `` | -| `prometheus.operator.podMonitor.scrapeTimeout` | Scraping timeout for KEDA Operator using podMonitor crd (prometheus operator) | `` | -| `prometheus.operator.podMonitor.namespace` | Scraping namespace for KEDA Operator using podMonitor crd (prometheus operator) | `` | -| `prometheus.operator.podMonitor.additionalLabels` | Additional labels to add for KEDA Operator using podMonitor crd (prometheus operator) | `{}` | -| `prometheus.operator.serviceMonitor.enabled` | Enable monitoring for metric server using podMonitor crd (prometheus operator) | `false` | -| `prometheus.operator.serviceMonitor.jobLabel` | JobLabel selects the label from the associated Kubernetes service which will be used as the job label for all metrics. 
[ServiceMonitor Spec](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor) | `` | -| `prometheus.operator.serviceMonitor.targetLabels` | TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics | `[]` | -| `prometheus.operator.serviceMonitor.podTargetLabels` | PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics | `[]` | -| `prometheus.operator.serviceMonitor.port` | Name of the service port this endpoint refers to. Mutually exclusive with targetPort | `metrics` | -| `prometheus.operator.serviceMonitor.targetPort` | Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port | `` | -| `prometheus.operator.serviceMonitor.interval` | Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used. | `` | -| `prometheus.operator.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used | `` | -| `prometheus.operator.serviceMonitor.relabellings` | List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). 
[RelabelConfig Spec](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.RelabelConfig) | `[]` | -| `prometheus.operator.serviceMonitor.additionalLabels` | Additional labels to add for metric server using ServiceMonitor crd (prometheus operator) | `{}` | -| `prometheus.operator.prometheusRules.enabled` | Enable monitoring for KEDA Operator using prometheusRules crd (prometheus operator) | `false` | -| `prometheus.operator.prometheusRules.namespace` | Scraping namespace for KEDA Operator using prometheusRules crd (prometheus operator) | `` | -| `prometheus.operator.prometheusRules.additionalLabels` | Additional labels to add for KEDA Operator using prometheusRules crd (prometheus operator) | `{}` | -| `prometheus.operator.prometheusRules.alerts` | Additional alerts to add for KEDA Operator using prometheusRules crd (prometheus operator) | `[]` | -| `prometheus.operator.podMonitor.relabelings` | List of expressions that define custom relabeling rules for KEDA Operator podMonitor crd (prometheus operator) | `[]` | -| `prometheus.webhooks.enabled` | Enable KEDA admission webhooks prometheus metrics expose | `false` | -| `prometheus.webhooks.port` | Port used for exposing KEDA admission webhooks prometheus metrics | `8080` | -| `prometheus.webhooks.serviceMonitor.enabled` | Enable monitoring for metric server using serviceMonitor crd (prometheus operator) | `false` | -| `prometheus.webhooks.serviceMonitor.jobLabel` | JobLabel selects the label from the associated Kubernetes service which will be used as the job label for all metrics. 
[ServiceMonitor Spec](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor) | `` | -| `prometheus.webhooks.serviceMonitor.targetLabels` | TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics | `[]` | -| `prometheus.webhooks.serviceMonitor.podTargetLabels` | PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics | `[]` | -| `prometheus.webhooks.serviceMonitor.port` | Name of the service port this endpoint refers to. Mutually exclusive with targetPort | `metrics` | -| `prometheus.webhooks.serviceMonitor.targetPort` | Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port | `` | -| `prometheus.webhooks.serviceMonitor.interval` | Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used. | `` | -| `prometheus.webhooks.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used | `` | -| `prometheus.webhooks.serviceMonitor.relabellings` | List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). 
[RelabelConfig Spec](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.RelabelConfig) | `[]` | -| `prometheus.webhooks.serviceMonitor.additionalLabels` | Additional labels to add for metric server using ServiceMonitor crd (prometheus operator) | `{}` | -| `prometheus.webhooks.prometheusRules.enabled` | Enable monitoring for KEDA admission webhooks using prometheusRules crd (prometheus operator) | `false` | -| `prometheus.webhooks.prometheusRules.namespace` | Scraping namespace for KEDA admission webhooks using prometheusRules crd (prometheus operator) | `` | -| `prometheus.webhooks.prometheusRules.additionalLabels` | Additional labels to add for KEDA admission webhooks using prometheusRules crd (prometheus operator) | `{}` | -| `prometheus.webhooks.prometheusRules.alerts` | Additional alerts to add for KEDA admission webhooks using prometheusRules crd (prometheus operator) | `[]` | -| `volumes.keda.extraVolumes` | Extra volumes for KEDA deployment | `[]` | -| `volumes.keda.extraVolumeMounts` | Extra volume mounts for KEDA deployment | `[]` | -| `volumes.metricsApiServer.extraVolumes` | Extra volumes for metric server deployment | `[]` | -| `volumes.metricsApiServer.extraVolumeMounts` | Extra volume mounts for metric server deployment | `[]` | -| `volumes.webhooks.extraVolumes` | Extra volumes for admission webhooks deployment | `[]` | -| `volumes.webhooks.extraVolumeMounts` | Extra volume mounts for admission webhooks deployment | `[]` | -| `certificates.autoGenerated` | Enables the self generation for KEDA TLS certificates inside KEDA operator | `true` | -| `certificates.secretName` | Secret name to be mounted with KEDA TLS certificates | `kedaorg-certs` | -| `certificates.mountPath` | Path where KEDA TLS certificates are mounted | `/certs` | -| `certificates.certManager.enabled` | Enables Cert-manager for certificate management | `false` | -| `certificates.certManager.generateCA` | Generates a 
self-signed CA with Cert-manager | `true` | -| `certificates.certManager.caSecretName` | Secret name where the CA is stored (generatedby cert-manager or user given) | `kedaorg-ca` | -| `certificates.certManager.secretTemplate` | [Labels or annotations to add to the secret generated](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources) by cert-manager | `{}` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to -`helm install`. For example: - -```console -$ helm install keda kedacore/keda --namespace keda \ - --set image.keda.tag= \ - --set image.metricsApiServer.tag= \ - --set image.webhooks.tag= -``` - -Alternatively, a YAML file that specifies the values for the above parameters can -be provided while installing the chart. For example, - -```console -helm install keda kedacore/keda --namespace keda -f values.yaml -``` - -## KEDA is secure by default - -Our default configuration strives to be as secure as possible. Because of that, KEDA will run as non-root and be secure-by-default: -```yaml -securityContext: - operator: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - metricServer: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - ## Metrics server needs to write the self-signed cert. See FAQ for discussion of options. - # readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - webhooks: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - -podSecurityContext: - operator: - runAsNonRoot: true - metricServer: - runAsNonRoot: true - webhooks: - runAsNonRoot: true -``` diff --git a/helm/keda/templates/14-keda-deployment.yaml b/helm/keda/templates/14-keda-deployment.yaml index 94cfc38..7cbc190 100644 --- a/helm/keda/templates/14-keda-deployment.yaml +++ b/helm/keda/templates/14-keda-deployment.yaml 
@@ -66,7 +66,12 @@ spec: {{- else }} {{- toYaml .Values.securityContext | nindent 12 }} {{- end }} - image: "{{ .Values.global.image.registry | default .Values.image.keda.registry }}/{{ .Values.image.keda.repository }}:{{ .Values.image.keda.tag | default .Chart.AppVersion }}" + {{- $registry := .Values.global.image.registry | default .Values.image.keda.registry | default "" }} + {{- if $registry }} + image: "{{ $registry }}/{{ .Values.image.keda.repository }}:{{ .Values.image.keda.tag | default .Chart.AppVersion }}" + {{- else }} + image: "{{ .Values.image.keda.repository }}:{{ .Values.image.keda.tag | default .Chart.AppVersion }}" + {{- end }} command: - "/keda" args: diff --git a/helm/keda/templates/17-keda-servicemonitor.yaml b/helm/keda/templates/17-keda-servicemonitor.yaml index 76da682..fbb4757 100644 --- a/helm/keda/templates/17-keda-servicemonitor.yaml +++ b/helm/keda/templates/17-keda-servicemonitor.yaml @@ -40,7 +40,7 @@ spec: {{- end }} {{- with .Values.prometheus.operator.serviceMonitor.relabellings }} relabelings: - {{ toYaml . | indent 6 }} +{{ toYaml . | indent 6 }} {{- end }} namespaceSelector: matchNames: diff --git a/helm/keda/templates/19-keda-ciliumnetworkpolicy.yaml b/helm/keda/templates/19-keda-ciliumnetworkpolicy.yaml index 2bccc6b..cbbe537 100644 --- a/helm/keda/templates/19-keda-ciliumnetworkpolicy.yaml +++ b/helm/keda/templates/19-keda-ciliumnetworkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if eq .Values.networkPolicy.flavor "cilium" }} +{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "cilium") }} apiVersion: "cilium.io/v2" kind: CiliumNetworkPolicy metadata: diff --git a/helm/keda/templates/22-metrics-deployment.yaml b/helm/keda/templates/22-metrics-deployment.yaml index 19adbb9..6580877 100644 --- a/helm/keda/templates/22-metrics-deployment.yaml +++ b/helm/keda/templates/22-metrics-deployment.yaml 
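Review bot: The `{{- else }}` branch added in 14-keda-deployment.yaml renders `image:` with no registry host whenever `global.image.registry` and `image.keda.registry` are both empty, which leaves the choice of registry for the operator image to each node's container runtime configuration. If an empty registry is meant to be supported (for instance because `image.keda.repository` already carries the host), a template comment above the `if` should say so, e.g. `{{- /* empty registry: repository must be fully qualified */ -}}`. Otherwise fail the render with `{{- $registry := required "an image registry must be set" (.Values.global.image.registry | default .Values.image.keda.registry) }}`. The same block is added in 22-metrics-deployment.yaml and 30-webhooks-deployment.yaml, so a single named helper would keep the three consistent. The container spec starts and ends outside this hunk.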
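Review bot: The `and .Values.networkPolicy.enabled (...)` condition on line 1 of 19-keda-ciliumnetworkpolicy.yaml means the CiliumNetworkPolicy is no longer rendered when `networkPolicy.enabled` is false or unset, so an install that only set `networkPolicy.flavor` to `cilium` would lose the policy on upgrade without any render error. The default in values.yaml is outside this hunk; if it is `false`, existing installs drop their policies silently, and the CHANGELOG should call out the new key. A comment at the top of the template would make the gate explicit, e.g. `{{- /* rendered only when networkPolicy.enabled is true and flavor is "cilium" */ -}}`. The same gate is added in 28-metrics-ciliumnetworkpolicy.yaml and 36-webhooks-ciliumnetworkpolicy.yaml, and the matching `{{- end }}` is outside the hunk.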
@@ -69,7 +69,12 @@ spec: {{- else }} {{- toYaml .Values.securityContext | nindent 12 }} {{- end }} - image: "{{ .Values.global.image.registry | default .Values.image.metricsApiServer.registry }}/{ .Values.image.metricsApiServer.repository }}:{{ .Values.image.metricsApiServer.tag | default .Chart.AppVersion }}" + {{- $registry := .Values.global.image.registry | default .Values.image.metricsApiServer.registry | default "" }} + {{- if $registry }} + image: "{{ $registry }}/{{ .Values.image.metricsApiServer.repository }}:{{ .Values.image.metricsApiServer.tag | default .Chart.AppVersion }}" + {{- else }} + image: "{{ .Values.image.metricsApiServer.repository }}:{{ .Values.image.metricsApiServer.tag | default .Chart.AppVersion }}" + {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} livenessProbe: httpGet: diff --git a/helm/keda/templates/27-metrics-servicemonitor.yaml b/helm/keda/templates/27-metrics-servicemonitor.yaml index 450fdec..9c39a74 100644 --- a/helm/keda/templates/27-metrics-servicemonitor.yaml +++ b/helm/keda/templates/27-metrics-servicemonitor.yaml @@ -40,7 +40,7 @@ spec: {{- end }} {{- with .Values.prometheus.metricServer.serviceMonitor.relabellings }} relabelings: - {{ toYaml . | indent 6 }} +{{ toYaml . | indent 6 }} {{- end }} namespaceSelector: matchNames: diff --git a/helm/keda/templates/28-metrics-ciliumnetworkpolicy.yaml b/helm/keda/templates/28-metrics-ciliumnetworkpolicy.yaml index 02227fe..9aaec9b 100644 --- a/helm/keda/templates/28-metrics-ciliumnetworkpolicy.yaml +++ b/helm/keda/templates/28-metrics-ciliumnetworkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if eq .Values.networkPolicy.flavor "cilium" }} +{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "cilium") }} apiVersion: "cilium.io/v2" kind: CiliumNetworkPolicy metadata: diff --git a/helm/keda/templates/30-webhooks-deployment.yaml b/helm/keda/templates/30-webhooks-deployment.yaml index 39391e1..213ec59 100644 --- a/helm/keda/templates/30-webhooks-deployment.yaml 
+++ b/helm/keda/templates/30-webhooks-deployment.yaml @@ -61,7 +61,12 @@ spec: {{- else }} {{- toYaml .Values.securityContext | nindent 12 }} {{- end }} - image: "{{ .Values.global.image.registry | default .Values.image.webhooks.registry }}/{{ .Values.image.webhooks.repository }}:{{ .Values.image.webhooks.tag | default .Chart.AppVersion }}" + {{- $registry := .Values.global.image.registry | default .Values.image.webhooks.registry | default "" }} + {{- if $registry }} + image: "{{ $registry }}/{{ .Values.image.webhooks.repository }}:{{ .Values.image.webhooks.tag | default .Chart.AppVersion }}" + {{- else }} + image: "{{ .Values.image.webhooks.repository }}:{{ .Values.image.webhooks.tag | default .Chart.AppVersion }}" + {{- end }} command: - /keda-admission-webhooks args: diff --git a/helm/keda/templates/33-webhooks-servicemonitor.yaml b/helm/keda/templates/33-webhooks-servicemonitor.yaml index b0fcb12..176d002 100644 --- a/helm/keda/templates/33-webhooks-servicemonitor.yaml +++ b/helm/keda/templates/33-webhooks-servicemonitor.yaml @@ -41,7 +41,7 @@ spec: {{- end }} {{- with .Values.prometheus.webhooks.serviceMonitor.relabellings }} relabelings: - {{ toYaml . | indent 6 }} +{{ toYaml . | indent 6 }} {{- end }} namespaceSelector: matchNames: diff --git a/helm/keda/templates/36-webhooks-ciliumnetworkpolicy.yaml b/helm/keda/templates/36-webhooks-ciliumnetworkpolicy.yaml index a3b9d39..208b52b 100644 --- a/helm/keda/templates/36-webhooks-ciliumnetworkpolicy.yaml +++ b/helm/keda/templates/36-webhooks-ciliumnetworkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.webhooks.enabled (eq .Values.networkPolicy.flavor "cilium") }} +{{- if and .Values.webhooks.enabled .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "cilium") }} apiVersion: "cilium.io/v2" kind: CiliumNetworkPolicy metadata: diff --git a/helm/keda/values.schema.json b/helm/keda/values.schema.json new file mode 100644 index 0000000..5e6360f --- /dev/null +++ b/helm/keda/values.schema.json 
@@ -0,0 +1,1242 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "additionalAnnotations": { + "type": "object" + }, + "additionalLabels": { + "type": "object" + }, + "affinity": { + "type": "object", + "properties": { + "podAntiAffinity": { + "type": "object", + "properties": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "topologyKey": { + "type": "string" + } + } + } + } + } + } + } + }, + "certificates": { + "type": "object", + "properties": { + "autoGenerated": { + "type": "boolean" + }, + "certManager": { + "type": "object", + "properties": { + "caSecretName": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "generateCA": { + "type": "boolean" + }, + "secretTemplate": { + "type": "object" + } + } + }, + "mountPath": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "clusterDomain": { + "type": "string" + }, + "crds": { + "type": "object", + "properties": { + "install": { + "type": "boolean" + } + } + }, + "env": { + "type": "null" + }, + "extraArgs": { + "type": "object", + "properties": { + "keda": { + "type": "object" + }, + "metricsAdapter": { + "type": "object" + } + } + }, + "global": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + } + } + } + } + }, + "grpcTLSCertsSecret": { + "type": "string" + }, + "hashiCorpVaultTLS": { + "type": "string" + }, + "http": { + "type": "object", + "properties": { + "keepAlive": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } 
+ }, + "minTlsVersion": { + "type": "string" + }, + "timeout": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "keda": { + "type": "object", + "properties": { + "registry": { + "type": "null" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "metricsApiServer": { + "type": "object", + "properties": { + "registry": { + "type": "null" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "pullPolicy": { + "type": "string" + }, + "webhooks": { + "type": "object", + "properties": { + "registry": { + "type": "null" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "logging": { + "type": "object", + "properties": { + "metricServer": { + "type": "object", + "properties": { + "level": { + "type": "integer" + } + } + }, + "operator": { + "type": "object", + "properties": { + "format": { + "type": "string" + }, + "level": { + "type": "string" + }, + "timeEncoding": { + "type": "string" + } + } + }, + "webhooks": { + "type": "object", + "properties": { + "format": { + "type": "string" + }, + "level": { + "type": "string" + }, + "timeEncoding": { + "type": "string" + } + } + } + } + }, + "metricsServer": { + "type": "object", + "properties": { + "affinity": { + "type": "object", + "properties": { + "podAntiAffinity": { + "type": "object", + "properties": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "topologyKey": { + "type": "string" + } + } + } + } + } + } + } + }, 
+ "dnsPolicy": { + "type": "string" + }, + "replicaCount": { + "type": "integer" + }, + "useHostNetwork": { + "type": "boolean" + } + } + }, + "networkPolicy": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "flavor": { + "type": "string" + } + } + }, + "nodeSelector": { + "type": "object" + }, + "operator": { + "type": "object", + "properties": { + "affinity": { + "type": "object", + "properties": { + "podAntiAffinity": { + "type": "object", + "properties": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "topologyKey": { + "type": "string" + } + } + } + } + } + } + } + }, + "name": { + "type": "string" + }, + "replicaCount": { + "type": "integer" + } + } + }, + "permissions": { + "type": "object", + "properties": { + "metricServer": { + "type": "object", + "properties": { + "restrict": { + "type": "object", + "properties": { + "secret": { + "type": "boolean" + } + } + } + } + }, + "operator": { + "type": "object", + "properties": { + "restrict": { + "type": "object", + "properties": { + "secret": { + "type": "boolean" + } + } + } + } + } + } + }, + "podAnnotations": { + "type": "object", + "properties": { + "keda": { + "type": "object" + }, + "metricsAdapter": { + "type": "object" + }, + "webhooks": { + "type": "object" + } + } + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "metricServer": { + "type": "object", + "properties": { + "minAvailable": { + "type": "integer" + } + } + }, + "operator": { + "type": "object", + "properties": { + "minAvailable": { + "type": "integer" + } + } + }, + "webhooks": { + "type": 
"object", + "properties": { + "minAvailable": { + "type": "integer" + } + } + } + } + }, + "podIdentity": { + "type": "object", + "properties": { + "activeDirectory": { + "type": "object", + "properties": { + "identity": { + "type": "string" + } + } + }, + "aws": { + "type": "object", + "properties": { + "irsa": { + "type": "object", + "properties": { + "audience": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "roleArn": { + "type": "string" + }, + "stsRegionalEndpoints": { + "type": "string" + }, + "tokenExpiration": { + "type": "integer" + } + } + } + } + }, + "azureWorkload": { + "type": "object", + "properties": { + "clientId": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "tenantId": { + "type": "string" + }, + "tokenExpiration": { + "type": "integer" + } + } + } + } + }, + "podLabels": { + "type": "object", + "properties": { + "keda": { + "type": "object" + }, + "metricsAdapter": { + "type": "object" + }, + "webhooks": { + "type": "object" + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "metricServer": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + } + } + }, + "operator": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + } + } + }, + "webhooks": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + } + } + } + } + }, + "priorityClassName": { + "type": "string" + }, + "prometheus": { + "type": "object", + "properties": { + "metricServer": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + 
"path": { + "type": "string" + }, + "podMonitor": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "interval": { + "type": "null" + }, + "namespace": { + "type": "null" + }, + "relabelings": { + "type": "array" + }, + "scrapeTimeout": { + "type": "null" + } + } + }, + "port": { + "type": "integer" + }, + "portName": { + "type": "string" + }, + "serviceMonitor": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "interval": { + "type": "null" + }, + "jobLabel": { + "type": "null" + }, + "podTargetLabels": { + "type": "array" + }, + "port": { + "type": "string" + }, + "relabellings": { + "type": "array", + "items": { + "type": "object", + "properties": { + "replacement": { + "type": "string" + }, + "targetLabel": { + "type": "string" + } + } + } + }, + "scrapeTimeout": { + "type": "null" + }, + "targetLabels": { + "type": "array" + }, + "targetPort": { + "type": "null" + } + } + } + } + }, + "operator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "podMonitor": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "interval": { + "type": "null" + }, + "namespace": { + "type": "null" + }, + "relabelings": { + "type": "array" + }, + "scrapeTimeout": { + "type": "null" + } + } + }, + "port": { + "type": "integer" + }, + "prometheusRules": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "alerts": { + "type": "array" + }, + "enabled": { + "type": "boolean" + }, + "namespace": { + "type": "null" + } + } + }, + "serviceMonitor": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "interval": { + "type": "null" + }, + "jobLabel": { + "type": "null" + }, + "podTargetLabels": { + "type": 
"array" + }, + "port": { + "type": "string" + }, + "relabellings": { + "type": "array", + "items": { + "type": "object", + "properties": { + "replacement": { + "type": "string" + }, + "targetLabel": { + "type": "string" + } + } + } + }, + "scrapeTimeout": { + "type": "null" + }, + "targetLabels": { + "type": "array" + }, + "targetPort": { + "type": "null" + } + } + } + } + }, + "webhooks": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "prometheusRules": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "alerts": { + "type": "array" + }, + "enabled": { + "type": "boolean" + }, + "namespace": { + "type": "null" + } + } + }, + "serviceMonitor": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "interval": { + "type": "null" + }, + "jobLabel": { + "type": "null" + }, + "podTargetLabels": { + "type": "array" + }, + "port": { + "type": "string" + }, + "relabellings": { + "type": "array", + "items": { + "type": "object", + "properties": { + "replacement": { + "type": "string" + }, + "targetLabel": { + "type": "string" + } + } + } + }, + "scrapeTimeout": { + "type": "null" + }, + "targetLabels": { + "type": "array" + }, + "targetPort": { + "type": "null" + } + } + } + } + } + } + }, + "rbac": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + }, + "resources": { + "type": "object", + "properties": { + "metricServer": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "integer" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "operator": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + 
"type": "integer" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "webhooks": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "metricServer": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "operator": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "webhooks": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "portHttp": { + "type": 
"integer" + }, + "portHttpTarget": { + "type": "integer" + }, + "portHttps": { + "type": "integer" + }, + "portHttpsTarget": { + "type": "integer" + }, + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "object" + }, + "upgradeStrategy": { + "type": "object", + "properties": { + "metricsApiServer": { + "type": "object", + "properties": { + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer" + }, + "maxUnavailable": { + "type": "integer" + } + } + }, + "type": { + "type": "string" + } + } + }, + "operator": { + "type": "object", + "properties": { + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer" + }, + "maxUnavailable": { + "type": "integer" + } + } + }, + "type": { + "type": "string" + } + } + }, + "webhooks": { + "type": "object", + "properties": { + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer" + }, + "maxUnavailable": { + "type": "integer" + } + } + }, + "type": { + "type": "string" + } + } + } + } + }, + "volumes": { + "type": "object", + "properties": { + "keda": { + "type": "object", + "properties": { + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + } + } + }, + "metricsApiServer": { + "type": "object", + "properties": { + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + } + } + }, + "webhooks": { + "type": "object", + "properties": { + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + } + } + } + } + }, + "watchNamespace": { + "type": "string" + }, + "webhooks": { + "type": "object", + "properties": 
{ + "affinity": { + "type": "object", + "properties": { + "podAntiAffinity": { + "type": "object", + "properties": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "topologyKey": { + "type": "string" + } + } + } + } + } + } + } + }, + "enabled": { + "type": "boolean" + }, + "failurePolicy": { + "type": "string" + }, + "name": { + "type": "string" + }, + "replicaCount": { + "type": "integer" + } + } + } + } +} diff --git a/helm/keda/values.yaml b/helm/keda/values.yaml index 9666011..ae9d240 100644 --- a/helm/keda/values.yaml +++ b/helm/keda/values.yaml 
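Review bot: Several properties are typed from the current default rather than from what the value may hold. `image.keda.registry`, `image.metricsApiServer.registry` and `image.webhooks.registry` are `"type": "null"`, so setting a per-component registry string fails schema validation even though the deployment templates in this commit read those values. The same holds for `env`, for the `interval`, `scrapeTimeout`, `namespace` and `targetPort` monitor fields, and for `resources.metricServer.limits.cpu` and `resources.operator.limits.cpu`, which are typed `integer` and would reject a quantity such as `500m`. Widen them, for example `"registry": { "type": ["string", "null"] }` and `"cpu": { "type": ["integer", "string"] }`. The file looks generated from values.yaml, so the correction may belong in the generator's input rather than here.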
@@ -4,25 +4,32 @@ global: image: + # -- Global image registry of KEDA components registry: docker.io image: keda: - # TODO override repository to be able to change it - registry: ghcr.io + # -- Image registry of KEDA operator + registry: null + # -- Image name of KEDA operator repository: giantswarm/keda - # Allows people to override tag if they don't want to use the app version - tag: + # -- Image tag of KEDA operator. Optional, given app version of Helm chart is used by default + tag: "" metricsApiServer: - registry: ghcr.io + # -- Image registry of KEDA Metrics API Server + registry: null + # -- Image name of KEDA Metrics API Server repository: giantswarm/keda-metrics-apiserver - # Allows people to override tag if they don't want to use the app version - tag: + # -- Image tag of KEDA Metrics API Server. Optional, given app version of Helm chart is used by default + tag: "" webhooks: - registry: ghcr.io + # -- Image registry of KEDA admission-webhooks + registry: null + # -- Image name of KEDA admission-webhooks repository: giantswarm/keda-admission-webhooks - # Allows people to override tag if they don't want to use the app version - tag: + # -- Image tag of KEDA admission-webhooks . Optional, given app version of Helm chart is used by default + tag: "" + # -- Image pullPolicy for all KEDA components pullPolicy: Always # Kubernetes cluster domain @@ -102,6 +109,7 @@ upgradeStrategy: maxSurge: 1 networkPolicy: + enabled: true flavor: cilium podDisruptionBudget: @@ -380,7 +388,10 @@ prometheus: targetPort: interval: scrapeTimeout: - relabellings: [] + relabellings: + # Add app label. + - targetLabel: app + replacement: keda additionalLabels: {} podMonitor: # Enables PodMonitor creation for the Prometheus Operator @@ -403,7 +414,10 @@ prometheus: targetPort: interval: scrapeTimeout: - relabellings: [] + relabellings: + # Add app label. + - targetLabel: app + replacement: keda additionalLabels: {} podMonitor: # Enables PodMonitor creation for the Prometheus Operator 
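Review bot: The new comments on the per-component `registry: null` keys do not say that these values are only a fallback. The metrics-apiserver and webhooks deployment templates in this commit evaluate `.Values.global.image.registry | default .Values.image.<component>.registry`, and `global.image.registry` defaults to `docker.io` here, so a component registry is ignored unless the global value is cleared. I would word the comment as `# -- Image registry of KEDA operator. Used only when global.image.registry is empty`, and likewise for `metricsApiServer` and `webhooks`. The `tag` comments could also state that an empty string falls back to the chart's `appVersion`, which is what the templates' `default .Chart.AppVersion` does.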
@@ -440,7 +454,10 @@ prometheus: targetPort: interval: scrapeTimeout: - relabellings: [] + relabellings: + # Add app label. + - targetLabel: app + replacement: keda additionalLabels: {} prometheusRules: # Enables PrometheusRules creation for the Prometheus Operator diff --git a/vendir.lock.yml b/vendir.lock.yml index d9762b0..62f9221 100644 --- a/vendir.lock.yml +++ b/vendir.lock.yml @@ -2,10 +2,8 @@ apiVersion: vendir.k14s.io/v1alpha1 directories: - contents: - git: - commitTitle: 'chore: Release KEDA Chart v2.10.2 (KEDA v2.10.1) (#428)' - sha: 58bfc12d7010a29eef4111408a323ca987fce4f2 - tags: - - v2.10.2 + commitTitle: relabel app label... + sha: 45f5aaacf1a2034304dce7885f5ccedf1ad7059b path: keda path: helm kind: LockConfig diff --git a/vendir.yml b/vendir.yml index 7bcc1de..a2d1034 100644 --- a/vendir.yml +++ b/vendir.yml @@ -6,8 +6,8 @@ directories: - path: keda git: url: https://github.com/giantswarm/keda-upstream - ## We get version 2.10.2 because of kubernetes compatibily reasons - ref: v2.10.2 + ## We use version 2.10.x because of kubernetes compatibility reasons + ref: giantswarm/v2.10.x depth: 1 newRootPath: keda ignorePaths:
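Review bot: In vendir.yml, `ref: giantswarm/v2.10.x` replaces a release tag with what looks like a branch name, so the vendored chart source now depends on wherever that ref points when the sync runs. The `sha` recorded in vendir.lock.yml is the only remaining pin, so CI should sync against the lock file (`vendir sync --locked`) and any change to that `sha` should be reviewed as a source update. The comment could say so directly: `## Tracks the giantswarm/v2.10.x branch for Kubernetes compatibility; the exact commit is pinned in vendir.lock.yml`.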