From 5fe974af32276e2cbe5b1a223a8f5155cdf8922e Mon Sep 17 00:00:00 2001 From: AnchorArray Date: Tue, 26 Nov 2024 09:37:42 -0700 Subject: [PATCH] Update default image to 2.2.2; add cache; update HPA --- charts/guardrails/CHANGELOG.md | 11 +++++ charts/guardrails/README.md | 22 +++++----- charts/guardrails/README.md.gotmpl | 16 ++++---- .../guardrails/templates/configmap-cache.yaml | 6 +-- .../templates/deployment-cache.yaml | 3 +- charts/guardrails/templates/hpa.yaml | 41 ++++++++++++++++++- charts/guardrails/values.yaml | 35 +++++++++++++++- 7 files changed, 109 insertions(+), 25 deletions(-) diff --git a/charts/guardrails/CHANGELOG.md b/charts/guardrails/CHANGELOG.md index 9105ddc..b825761 100644 --- a/charts/guardrails/CHANGELOG.md +++ b/charts/guardrails/CHANGELOG.md @@ -6,6 +6,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning] (https://semver.org/spec/v2.0.0.html). +## [0.4.0] - 2024-11-26 + +### Changed + +- Default image tag from `2.0.1` to `2.2.2` + +### Added + +- Caching support enabled with `cache.enable: true` +- Horizontal Pod Autoscaler (HPA) support for configuring scaling behavior + ## [0.3.1] - 2024-10-31 ### Fixed diff --git a/charts/guardrails/README.md b/charts/guardrails/README.md index b100f27..e5f1a00 100644 --- a/charts/guardrails/README.md +++ b/charts/guardrails/README.md @@ -31,11 +31,11 @@ You can manage the API keys and container secrets in one of two ways, depending # Helm release name (See installation for release_name usage) release_name="" - kubectl create secret generic "whylabs-${release_name}-api-key" \ + kubectl create secret generic "whylabs-guardrails-api-key" \ --namespace "${target_namespace}" \ --from-literal=WHYLABS_API_KEY="${whylabs_api_key}" - kubectl create secret generic "whylabs-${release_name}-api-secret" \ + kubectl create secret generic "whylabs-guardrails-api-secret" \ --namespace "${target_namespace}" \ --from-literal=CONTAINER_PASSWORD="${container_password}" @@ -67,12 +67,12 @@ You can manage the API keys and container secrets in one of two ways, depending ```yaml envFrom: - whylabs-guardrails-api-key: - type: secretRef - optional: true - whylabs-guardrails-api-secret: - type: secretRef - optional: true + - secretRef: + name: whylabs-guardrails-api-key + optional: true + - secretRef: + name: whylabs-guardrails-api-secret + optional: true ``` - File-based Secrets: If you are using a CSI driver, set envFrom: {} in your @@ -195,9 +195,11 @@ utilization. | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. | -| autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":70}` | [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) configuration for the `guardrails` container. | +| autoscaling | object | `{"behavior":{"scaleDown":{"policies":[{"periodSeconds":180,"type":"Pods","value":"{{ .Values.replicaCount | int }}"},{"periodSeconds":180,"type":"Percent","value":30}],"selectPolicy":"Max","stabilizationWindowSeconds":300},"scaleUp":{"policies":[{"periodSeconds":180,"type":"Pods","value":"{{ .Values.replicaCount | int }}"},{"periodSeconds":180,"type":"Percent","value":50}],"selectPolicy":"Min","stabilizationWindowSeconds":180}},"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":70}` | [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) configuration for the `guardrails` container. | | cache.annotations | object | `{}` | | +| cache.duration | string | `"1m"` | | | cache.enable | bool | `false` | | +| cache.endpoint | string | `"api.whylabsapp.com"` | | | cache.labels | object | `{}` | | | cache.replicaCount | int | `1` | | | commonLabels | object | `{}` | Labels to add to all chart resources. | @@ -208,7 +210,7 @@ utilization. | fullnameOverride | string | `""` | Override the full name of the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the `guardrails` container. | | image.repository | string | `"registry.gitlab.com/whylabs/langkit-container"` | Image repository for the `guardrails` container. | -| image.tag | string | `""` | Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. | +| image.tag | string | `"2.2.2"` | Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. | | imagePullSecrets[0] | list | `{"name":""}` | Image pull secrets for the `guardrails` container. Defaults to `whylabs-{{ .Release.Name }}-registry-credentials` if `name: ""`. To exclude The ImagePullSecret entirely, set `imagePullSecrets: []` and comment out the list items. | | ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) configuration for the `guardrails` container. | | livenessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/health","port":8000},"initialDelaySeconds":30,"periodSeconds":30}` | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. | diff --git a/charts/guardrails/README.md.gotmpl b/charts/guardrails/README.md.gotmpl index 1f76c99..61778f2 100644 --- a/charts/guardrails/README.md.gotmpl +++ b/charts/guardrails/README.md.gotmpl @@ -38,11 +38,11 @@ You can manage the API keys and container secrets in one of two ways, depending # Helm release name (See installation for release_name usage) release_name="" - kubectl create secret generic "whylabs-${release_name}-api-key" \ + kubectl create secret generic "whylabs-guardrails-api-key" \ --namespace "${target_namespace}" \ --from-literal=WHYLABS_API_KEY="${whylabs_api_key}" - kubectl create secret generic "whylabs-${release_name}-api-secret" \ + kubectl create secret generic "whylabs-guardrails-api-secret" \ --namespace "${target_namespace}" \ --from-literal=CONTAINER_PASSWORD="${container_password}" @@ -74,12 +74,12 @@ You can manage the API keys and container secrets in one of two ways, depending ```yaml envFrom: - whylabs-guardrails-api-key: - type: secretRef - optional: true - whylabs-guardrails-api-secret: - type: secretRef - optional: true + - secretRef: + name: whylabs-guardrails-api-key + optional: true + - secretRef: + name: whylabs-guardrails-api-secret + optional: true ``` - File-based Secrets: If you are using a CSI driver, set envFrom: {} in your diff --git a/charts/guardrails/templates/configmap-cache.yaml b/charts/guardrails/templates/configmap-cache.yaml index fb68d6c..d649e30 100644 --- a/charts/guardrails/templates/configmap-cache.yaml +++ b/charts/guardrails/templates/configmap-cache.yaml @@ -47,12 +47,12 @@ data: } cache_config.conf: | proxy_cache my_cache; - proxy_cache_valid 200 403 1m; + proxy_cache_valid 200 403 {{ .Values.cache.duration }}; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; add_header X-Cache-Status $upstream_cache_status always; common_proxy.conf: | - proxy_pass https://songbird.development.whylabsdev.com; - proxy_set_header Host songbird.development.whylabsdev.com; + proxy_pass https://{{ .Values.cache.endpoint }}; + proxy_set_header Host {{ .Values.cache.endpoint }}; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; diff --git a/charts/guardrails/templates/deployment-cache.yaml b/charts/guardrails/templates/deployment-cache.yaml index c86d92d..f4d5f2c 100644 --- a/charts/guardrails/templates/deployment-cache.yaml +++ b/charts/guardrails/templates/deployment-cache.yaml @@ -21,6 +21,8 @@ spec: app: {{ .Release.Name }}-cache spec: serviceAccountName: {{ include "guardrails.serviceAccountName" . }} + securityContext: + fsGroup: 101 containers: - name: nginx securityContext: @@ -30,7 +32,6 @@ spec: runAsNonRoot: true runAsUser: 101 runAsGroup: 101 - fsGroup: 101 capabilities: drop: ["ALL"] image: "nginxinc/nginx-unprivileged:latest" diff --git a/charts/guardrails/templates/hpa.yaml b/charts/guardrails/templates/hpa.yaml index 5635c08..fd3b6c2 100644 --- a/charts/guardrails/templates/hpa.yaml +++ b/charts/guardrails/templates/hpa.yaml @@ -10,8 +10,45 @@ spec: apiVersion: apps/v1 kind: Deployment name: {{ include "guardrails.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} + minReplicas: {{ default 1 .Values.autoscaling.minReplicas }} + maxReplicas: {{ default 20 .Values.autoscaling.maxReplicas }} + {{- with .Values.autoscaling.behavior }} + behavior: + {{- with .scaleUp }} + scaleUp: + {{- with .policies }} + policies: + {{- range . }} + - type: {{ .type }} + value: {{ tpl (toString .value) $ | int }} + periodSeconds: {{ .periodSeconds | int }} + {{- end }} + {{- end }} + {{- with .selectPolicy }} + selectPolicy: {{ . }} + {{- end }} + {{- with .stabilizationWindowSeconds }} + stabilizationWindowSeconds: {{ . | int }} + {{- end }} + {{- end }} + {{- with .scaleDown }} + scaleDown: + {{- with .policies }} + policies: + {{- range . }} + - type: {{ .type }} + value: {{ tpl (toString .value) $ | int }} + periodSeconds: {{ .periodSeconds | int }} + {{- end }} + {{- end }} + {{- with .selectPolicy }} + selectPolicy: {{ . }} + {{- end }} + {{- with .stabilizationWindowSeconds }} + stabilizationWindowSeconds: {{ . | int}} + {{- end }} + {{- end }} + {{- end }} metrics: {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Resource diff --git a/charts/guardrails/values.yaml b/charts/guardrails/values.yaml index 6e90368..9d1d6c8 100644 --- a/charts/guardrails/values.yaml +++ b/charts/guardrails/values.yaml @@ -1,6 +1,8 @@ cache: enable: false + duration: 1m replicaCount: 1 + endpoint: "api.whylabsapp.com" annotations: {} labels: {} @@ -14,7 +16,7 @@ image: pullPolicy: IfNotPresent # -- (string) Image tag for the `guardrails` container, this will default to # `.Chart.AppVersion` if not set. - tag: "" + tag: "2.2.2" imagePullSecrets: # -- (list) Image pull secrets for the `guardrails` container. Defaults to @@ -138,6 +140,37 @@ autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 + behavior: + scaleUp: + policies: + - type: Pods + value: "{{ .Values.replicaCount | int }}" + periodSeconds: 180 + - type: Percent + value: 50 + periodSeconds: 180 + # selectPolicy can be `Min` or `Max` and refers to scaling policy + # to choose when there are multiple policies; `Max` will choose the + # policy perform the largest scaling adjustment, while `Min` will + # choose the policy that performs the smallest scaling adjustment. + selectPolicy: Min + stabilizationWindowSeconds: 180 + scaleDown: + policies: + - type: Pods + value: "{{ .Values.replicaCount | int }}" + # periodSeconds is the rate at which a policy can be applied; + # this policy may only be applied once per period. + periodSeconds: 180 + - type: Percent + value: 30 + # periodSeconds is the rate at which a policy can be applied; + # this policy may only be applied once per period. + periodSeconds: 180 + selectPolicy: Max + # stabilizationWindowSeconds is how many seconds the HPA looks back + # to determine if a policy is being met. + stabilizationWindowSeconds: 300 targetCPUUtilizationPercentage: 70 # targetMemoryUtilizationPercentage: 70