From 3fec8255f4c474f9e972c05a39d5cd70fa2f59d0 Mon Sep 17 00:00:00 2001 From: Nils Date: Mon, 5 Aug 2024 15:40:26 +0200 Subject: [PATCH 1/8] Added required namespace variable and values file entry, updated docs Signed-off-by: Nils --- keda/README.md | 1 + keda/templates/metrics-server/clusterrolebinding.yaml | 4 ++-- keda/values.yaml | 2 ++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/keda/README.md b/keda/README.md index abf50469..4970f1f3 100644 --- a/keda/README.md +++ b/keda/README.md @@ -178,6 +178,7 @@ their default values. | `podDisruptionBudget.metricServer` | object | `{}` | Capability to configure [Pod Disruption Budget] | | `podLabels.metricsAdapter` | object | `{}` | Pod labels for KEDA Metrics Adapter | | `podSecurityContext.metricServer` | object | [See below](#KEDA-is-secure-by-default) | [Pod security context] of the KEDA metrics apiserver pod | +| `rbac.metricsServerNamespace` | string | `"kube-system"` | Customize the namespace for metrics-server | | `resources.metricServer` | object | `{"limits":{"cpu":1,"memory":"1000Mi"},"requests":{"cpu":"100m","memory":"100Mi"}}` | Manage [resource request & limits] of KEDA metrics apiserver pod | | `securityContext.metricServer` | object | [See below](#KEDA-is-secure-by-default) | [Security context] of the metricServer container | | `service.annotations` | object | `{}` | Annotations to add the KEDA Metric Server service | diff --git a/keda/templates/metrics-server/clusterrolebinding.yaml b/keda/templates/metrics-server/clusterrolebinding.yaml index cf877a2d..a7060a67 100644 --- a/keda/templates/metrics-server/clusterrolebinding.yaml +++ b/keda/templates/metrics-server/clusterrolebinding.yaml @@ -31,7 +31,7 @@ metadata: app.kubernetes.io/name: {{ .Values.operator.name }}-auth-reader {{- include "keda.labels" . | indent 4 }} name: {{ .Values.operator.name }}-auth-reader - namespace: kube-system + namespace: {{ .Values.rbac.metricsServerNamespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -59,5 +59,5 @@ roleRef: subjects: - kind: ServiceAccount name: horizontal-pod-autoscaler - namespace: kube-system + namespace: {{ .Values.rbac.metricsServerNamespace }} {{- end -}} diff --git a/keda/values.yaml b/keda/values.yaml index 6be3df10..8e9fce07 100644 --- a/keda/values.yaml +++ b/keda/values.yaml @@ -277,6 +277,8 @@ rbac: # -- Whether RBAC for configured CRDs that can have a `scale` subresource should be created enabledCustomScaledRefKinds: true + # -- Customize the namespace for metrics-server + metricsServerNamespace: kube-system # -- List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`. # The feature needs to be also enabled by `enabledCustomScaledRefKinds`. # If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created From 7882190fad3bb1bc001ad8473e04ad52a57c8fa3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Bergm=C3=BCller?= Date: Tue, 3 Sep 2024 10:55:52 +0200 Subject: [PATCH 2/8] Added required namespace variable and values file entry, updated docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Nils Bergmüller --- keda/README.md | 2 +- keda/templates/metrics-server/clusterrolebinding.yaml | 4 ++-- keda/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/keda/README.md b/keda/README.md index 4970f1f3..ee3284f9 100644 --- a/keda/README.md +++ b/keda/README.md @@ -178,7 +178,7 @@ their default values. | `podDisruptionBudget.metricServer` | object | `{}` | Capability to configure [Pod Disruption Budget] | | `podLabels.metricsAdapter` | object | `{}` | Pod labels for KEDA Metrics Adapter | | `podSecurityContext.metricServer` | object | [See below](#KEDA-is-secure-by-default) | [Pod security context] of the KEDA metrics apiserver pod | -| `rbac.metricsServerNamespace` | string | `"kube-system"` | Customize the namespace for metrics-server | +| `rbac.controlPlaneServiceAccountsNamespace` | string | `"kube-system"` | Customize the namespace for metrics-server | | `resources.metricServer` | object | `{"limits":{"cpu":1,"memory":"1000Mi"},"requests":{"cpu":"100m","memory":"100Mi"}}` | Manage [resource request & limits] of KEDA metrics apiserver pod | | `securityContext.metricServer` | object | [See below](#KEDA-is-secure-by-default) | [Security context] of the metricServer container | | `service.annotations` | object | `{}` | Annotations to add the KEDA Metric Server service | diff --git a/keda/templates/metrics-server/clusterrolebinding.yaml b/keda/templates/metrics-server/clusterrolebinding.yaml index a7060a67..622bf3b9 100644 --- a/keda/templates/metrics-server/clusterrolebinding.yaml +++ b/keda/templates/metrics-server/clusterrolebinding.yaml @@ -31,7 +31,7 @@ metadata: app.kubernetes.io/name: {{ .Values.operator.name }}-auth-reader {{- include "keda.labels" . | indent 4 }} name: {{ .Values.operator.name }}-auth-reader - namespace: {{ .Values.rbac.metricsServerNamespace }} + namespace: {{ .Values.rbac.controlPlaneServiceAccountsNamespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -59,5 +59,5 @@ roleRef: subjects: - kind: ServiceAccount name: horizontal-pod-autoscaler - namespace: {{ .Values.rbac.metricsServerNamespace }} + namespace: {{ .Values.rbac.controlPlaneServiceAccountsNamespace }} {{- end -}} diff --git a/keda/values.yaml b/keda/values.yaml index 8e9fce07..d55287b3 100644 --- a/keda/values.yaml +++ b/keda/values.yaml @@ -278,7 +278,7 @@ rbac: # -- Whether RBAC for configured CRDs that can have a `scale` subresource should be created enabledCustomScaledRefKinds: true # -- Customize the namespace for metrics-server - metricsServerNamespace: kube-system + controlPlaneServiceAccountsNamespace: kube-system # -- List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`. # The feature needs to be also enabled by `enabledCustomScaledRefKinds`. # If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created From 6a3ae36761d9d4cfcbcf80cb3761f7dbb2437fc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Bergm=C3=BCller?= Date: Tue, 24 Sep 2024 17:41:12 +0200 Subject: [PATCH 3/8] Updated helm-docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Nils Bergmüller --- keda/README.md | 2 +- keda/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/keda/README.md b/keda/README.md index ee3284f9..67b25029 100644 --- a/keda/README.md +++ b/keda/README.md @@ -109,6 +109,7 @@ their default values. | `podSecurityContext` | object | [See below](#KEDA-is-secure-by-default) | [Pod security context] for all pods | | `priorityClassName` | string | `""` | priorityClassName for all KEDA components | | `rbac.aggregateToDefaultRoles` | bool | `false` | Specifies whether RBAC for CRDs should be [aggregated](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) to default roles (view, edit, admin) | +| `rbac.controlPlaneServiceAccountsNamespace` | string | `"kube-system"` | Customize the namespace of k8s metrics-server deployment | | `rbac.create` | bool | `true` | Specifies whether RBAC should be used | | `rbac.enabledCustomScaledRefKinds` | bool | `true` | Whether RBAC for configured CRDs that can have a `scale` subresource should be created | | `rbac.scaledRefKinds` | list | `[{"apiGroup":"*","kind":"*"}]` | List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`. The feature needs to be also enabled by `enabledCustomScaledRefKinds`. If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created note: Deployments and StatefulSets are supported out of the box | @@ -178,7 +179,6 @@ their default values. | `podDisruptionBudget.metricServer` | object | `{}` | Capability to configure [Pod Disruption Budget] | | `podLabels.metricsAdapter` | object | `{}` | Pod labels for KEDA Metrics Adapter | | `podSecurityContext.metricServer` | object | [See below](#KEDA-is-secure-by-default) | [Pod security context] of the KEDA metrics apiserver pod | -| `rbac.controlPlaneServiceAccountsNamespace` | string | `"kube-system"` | Customize the namespace for metrics-server | | `resources.metricServer` | object | `{"limits":{"cpu":1,"memory":"1000Mi"},"requests":{"cpu":"100m","memory":"100Mi"}}` | Manage [resource request & limits] of KEDA metrics apiserver pod | | `securityContext.metricServer` | object | [See below](#KEDA-is-secure-by-default) | [Security context] of the metricServer container | | `service.annotations` | object | `{}` | Annotations to add the KEDA Metric Server service | diff --git a/keda/values.yaml b/keda/values.yaml index c6758e55..8d54ac19 100644 --- a/keda/values.yaml +++ b/keda/values.yaml @@ -276,7 +276,7 @@ rbac: # -- Whether RBAC for configured CRDs that can have a `scale` subresource should be created enabledCustomScaledRefKinds: true - # -- Customize the namespace for metrics-server + # -- Customize the namespace of k8s metrics-server deployment controlPlaneServiceAccountsNamespace: kube-system # -- List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`. # The feature needs to be also enabled by `enabledCustomScaledRefKinds`. From 5a313ea3c86ff3b034094c5332d0da6df9b300c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Bergm=C3=BCller?= Date: Tue, 24 Sep 2024 18:56:00 +0200 Subject: [PATCH 4/8] Updated helm-docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Nils Bergmüller --- keda/README.md | 10 +++++----- keda/values.yaml | 2 ++ 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/keda/README.md b/keda/README.md index 67b25029..a5e96c5e 100644 --- a/keda/README.md +++ b/keda/README.md @@ -21,7 +21,7 @@ helm repo add kedacore https://kedacore.github.io/charts helm repo update kubectl create namespace keda -helm install keda kedacore/keda --namespace keda --version 2.14.0 +helm install keda kedacore/keda --namespace keda --version 2.15.1 ``` ## Introduction @@ -36,7 +36,7 @@ To install the chart with the release name `keda`: ```console $ kubectl create namespace keda -$ helm install keda kedacore/keda --namespace keda --version 2.14.2 +$ helm install keda kedacore/keda --namespace keda --version 2.15.1 ``` ## Uninstalling the Chart @@ -109,7 +109,7 @@ their default values. | `podSecurityContext` | object | [See below](#KEDA-is-secure-by-default) | [Pod security context] for all pods | | `priorityClassName` | string | `""` | priorityClassName for all KEDA components | | `rbac.aggregateToDefaultRoles` | bool | `false` | Specifies whether RBAC for CRDs should be [aggregated](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) to default roles (view, edit, admin) | -| `rbac.controlPlaneServiceAccountsNamespace` | string | `"kube-system"` | Customize the namespace of k8s metrics-server deployment | +| `rbac.controlPlaneServiceAccountsNamespace` | string | `"kube-system"` | [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) | | `rbac.create` | bool | `true` | Specifies whether RBAC should be used | | `rbac.enabledCustomScaledRefKinds` | bool | `true` | Whether RBAC for configured CRDs that can have a `scale` subresource should be created | | `rbac.scaledRefKinds` | list | `[{"apiGroup":"*","kind":"*"}]` | List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`. The feature needs to be also enabled by `enabledCustomScaledRefKinds`. If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created note: Deployments and StatefulSets are supported out of the box | @@ -121,7 +121,7 @@ their default values. | Parameter | Type | Default | Description | |-----------|------|---------|-------------| -| `certificates.operator.caDirs` | list | `["/custom/ca"]` | Location(s) of CA files for authentication of external TLS connections such as TLS-enabled metrics sources | +| `certificates.operator` | string | `nil` | | | `extraArgs.keda` | object | `{}` | Additional KEDA Operator container arguments | | `image.keda.registry` | string | `"ghcr.io"` | Image registry of KEDA operator | | `image.keda.repository` | string | `"kedacore/keda"` | Image name of KEDA operator | @@ -308,7 +308,7 @@ their default values. | `volumes.webhooks.extraVolumeMounts` | list | `[]` | Extra volume mounts for admission webhooks deployment | | `volumes.webhooks.extraVolumes` | list | `[]` | Extra volumes for admission webhooks deployment | | `webhooks.affinity` | object | `{}` | [Affinity] for pod scheduling for KEDA admission webhooks. Takes precedence over the `affinity` field | -| `webhooks.enabled` | bool | `true` | Enable admission webhooks (this feature option will be removed in v2.12) | +| `webhooks.enabled` | bool | `true` | | | `webhooks.failurePolicy` | string | `"Ignore"` | [Failure policy](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy) to use with KEDA admission webhooks | | `webhooks.healthProbePort` | int | `8081` | Port number to use for KEDA admission webhooks health probe | | `webhooks.livenessProbe` | object | `{"failureThreshold":3,"initialDelaySeconds":25,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Liveness probes for admission webhooks ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)) | diff --git a/keda/values.yaml b/keda/values.yaml index 8d54ac19..49da86d8 100644 --- a/keda/values.yaml +++ b/keda/values.yaml @@ -277,6 +277,8 @@ rbac: # -- Whether RBAC for configured CRDs that can have a `scale` subresource should be created enabledCustomScaledRefKinds: true # -- Customize the namespace of k8s metrics-server deployment + # -- This could also be achieved by the Kubernetes control plane manager flag --use-service-account-credentials: + # -- [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) controlPlaneServiceAccountsNamespace: kube-system # -- List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`. # The feature needs to be also enabled by `enabledCustomScaledRefKinds`. From be80751815bc08b1016295b4db5e031d68ebe90d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Bergm=C3=BCller?= Date: Tue, 24 Sep 2024 19:01:24 +0200 Subject: [PATCH 5/8] Updated helm-docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Nils Bergmüller --- keda/README.md | 6 +++--- keda/values.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/keda/README.md b/keda/README.md index a5e96c5e..ca4305b6 100644 --- a/keda/README.md +++ b/keda/README.md @@ -109,7 +109,7 @@ their default values. | `podSecurityContext` | object | [See below](#KEDA-is-secure-by-default) | [Pod security context] for all pods | | `priorityClassName` | string | `""` | priorityClassName for all KEDA components | | `rbac.aggregateToDefaultRoles` | bool | `false` | Specifies whether RBAC for CRDs should be [aggregated](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) to default roles (view, edit, admin) | -| `rbac.controlPlaneServiceAccountsNamespace` | string | `"kube-system"` | [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) | +| `rbac.controlPlaneServiceAccountsNamespace` | string | `"kube-system"` | Customize the namespace of k8s metrics-server deployment This could also be achieved by the Kubernetes control plane manager flag --use-service-account-credentials: [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) | | `rbac.create` | bool | `true` | Specifies whether RBAC should be used | | `rbac.enabledCustomScaledRefKinds` | bool | `true` | Whether RBAC for configured CRDs that can have a `scale` subresource should be created | | `rbac.scaledRefKinds` | list | `[{"apiGroup":"*","kind":"*"}]` | List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`. The feature needs to be also enabled by `enabledCustomScaledRefKinds`. If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created note: Deployments and StatefulSets are supported out of the box | @@ -121,7 +121,7 @@ their default values. | Parameter | Type | Default | Description | |-----------|------|---------|-------------| -| `certificates.operator` | string | `nil` | | +| `certificates.operator.caDirs` | list | `["/custom/ca"]` | Location(s) of CA files for authentication of external TLS connections such as TLS-enabled metrics sources | | `extraArgs.keda` | object | `{}` | Additional KEDA Operator container arguments | | `image.keda.registry` | string | `"ghcr.io"` | Image registry of KEDA operator | | `image.keda.repository` | string | `"kedacore/keda"` | Image name of KEDA operator | @@ -308,7 +308,7 @@ their default values. | `volumes.webhooks.extraVolumeMounts` | list | `[]` | Extra volume mounts for admission webhooks deployment | | `volumes.webhooks.extraVolumes` | list | `[]` | Extra volumes for admission webhooks deployment | | `webhooks.affinity` | object | `{}` | [Affinity] for pod scheduling for KEDA admission webhooks. Takes precedence over the `affinity` field | -| `webhooks.enabled` | bool | `true` | | +| `webhooks.enabled` | bool | `true` | Enable admission webhooks (this feature option will be removed in v2.12) | | `webhooks.failurePolicy` | string | `"Ignore"` | [Failure policy](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy) to use with KEDA admission webhooks | | `webhooks.healthProbePort` | int | `8081` | Port number to use for KEDA admission webhooks health probe | | `webhooks.livenessProbe` | object | `{"failureThreshold":3,"initialDelaySeconds":25,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Liveness probes for admission webhooks ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)) | diff --git a/keda/values.yaml b/keda/values.yaml index 49da86d8..71fc51fd 100644 --- a/keda/values.yaml +++ b/keda/values.yaml @@ -277,8 +277,8 @@ rbac: # -- Whether RBAC for configured CRDs that can have a `scale` subresource should be created enabledCustomScaledRefKinds: true # -- Customize the namespace of k8s metrics-server deployment - # -- This could also be achieved by the Kubernetes control plane manager flag --use-service-account-credentials: - # -- [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) + # This could also be achieved by the Kubernetes control plane manager flag --use-service-account-credentials: + # [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) controlPlaneServiceAccountsNamespace: kube-system # -- List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`. # The feature needs to be also enabled by `enabledCustomScaledRefKinds`. From 4013ac353f943f9bd83aa52a10c68428edf568c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Bergm=C3=BCller?= Date: Tue, 24 Sep 2024 19:02:06 +0200 Subject: [PATCH 6/8] Updated helm-docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Nils Bergmüller --- keda/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/keda/README.md b/keda/README.md index ca4305b6..1a5e59ec 100644 --- a/keda/README.md +++ b/keda/README.md @@ -21,7 +21,7 @@ helm repo add kedacore https://kedacore.github.io/charts helm repo update kubectl create namespace keda -helm install keda kedacore/keda --namespace keda --version 2.15.1 +helm install keda kedacore/keda --namespace keda --version 2.14.2 ``` ## Introduction @@ -36,7 +36,7 @@ To install the chart with the release name `keda`: ```console $ kubectl create namespace keda -$ helm install keda kedacore/keda --namespace keda --version 2.15.1 +$ helm install keda kedacore/keda --namespace keda --version 2.14.2 ``` ## Uninstalling the Chart From 5dafe62c0a2fa95e8f9bafe409a2ba16fd5a57c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Bergm=C3=BCller?= Date: Tue, 24 Sep 2024 19:02:54 +0200 Subject: [PATCH 7/8] Updated helm-docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Nils Bergmüller --- keda/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/keda/README.md b/keda/README.md index 1a5e59ec..7c5feeae 100644 --- a/keda/README.md +++ b/keda/README.md @@ -21,7 +21,7 @@ helm repo add kedacore https://kedacore.github.io/charts helm repo update kubectl create namespace keda -helm install keda kedacore/keda --namespace keda --version 2.14.2 +helm install keda kedacore/keda --namespace keda --version 2.14.0 ``` ## Introduction @@ -36,7 +36,7 @@ To install the chart with the release name `keda`: ```console $ kubectl create namespace keda -$ helm install keda kedacore/keda --namespace keda --version 2.14.2 +$ helm install keda kedacore/keda --namespace keda --version 2.14.0 ``` ## Uninstalling the Chart From 436627ce744829622bb0eb8bd8fda6ef5b3d180f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Bergm=C3=BCller?= Date: Tue, 24 Sep 2024 19:03:32 +0200 Subject: [PATCH 8/8] Updated helm-docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Nils Bergmüller --- keda/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keda/README.md b/keda/README.md index 7c5feeae..fa101631 100644 --- a/keda/README.md +++ b/keda/README.md @@ -36,7 +36,7 @@ To install the chart with the release name `keda`: ```console $ kubectl create namespace keda -$ helm install keda kedacore/keda --namespace keda --version 2.14.0 +$ helm install keda kedacore/keda --namespace keda --version 2.14.2 ``` ## Uninstalling the Chart