125 | ```
126 |
127 | Alternatively, a YAML file that specifies the values for the above parameters can
128 | be provided while installing the chart. For example,
129 |
130 | ```console
131 | helm install keda kedacore/keda --namespace keda -f values.yaml
132 | ```
133 |
134 | ## KEDA is secure by default
135 |
136 | Our default configuration strives to be as secure as possible. Because of that, KEDA will run as non-root and be secure-by-default:
137 | ```yaml
138 | securityContext:
139 | operator:
140 | capabilities:
141 | drop:
142 | - ALL
143 | allowPrivilegeEscalation: false
144 | readOnlyRootFilesystem: true
145 | seccompProfile:
146 | type: RuntimeDefault
147 | metricServer:
148 | capabilities:
149 | drop:
150 | - ALL
151 | allowPrivilegeEscalation: false
152 | ## Metrics server needs to write the self-signed cert. See FAQ for discussion of options.
153 | # readOnlyRootFilesystem: true
154 | seccompProfile:
155 | type: RuntimeDefault
156 | webhooks:
157 | capabilities:
158 | drop:
159 | - ALL
160 | allowPrivilegeEscalation: false
161 | readOnlyRootFilesystem: true
162 | seccompProfile:
163 | type: RuntimeDefault
164 |
165 | podSecurityContext:
166 | operator:
167 | runAsNonRoot: true
168 | metricServer:
169 | runAsNonRoot: true
170 | webhooks:
171 | runAsNonRoot: true
172 | ```
173 |
174 | ----------------------------------------------
175 | Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
176 |
177 | [Affinity]: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/
178 | [Deployment upgrade strategy]: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
179 | [GCP Workload Identity]: https://keda.sh/docs/2.10/authentication-providers/gcp-workload-identity/
180 | [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
181 | [Pod security context]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
182 | [Security context]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
183 | [Pod Topology Constraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
184 | [RelabelConfig Spec]: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.RelabelConfig
185 | [resource request & limits]: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
186 | [ServiceMonitor Spec]: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor
187 |
--------------------------------------------------------------------------------
/keda/templates/webhooks/deployment.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.webhooks.enabled }}
2 | apiVersion: apps/v1
3 | kind: Deployment
4 | metadata:
5 | name: {{ .Values.webhooks.name }}
6 | namespace: {{ .Release.Namespace }}
7 | {{- with .Values.additionalAnnotations }}
8 | annotations:
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 | labels:
12 | app: {{ .Values.webhooks.name }}
13 | name: {{ .Values.webhooks.name }}
14 | app.kubernetes.io/name: {{ .Values.webhooks.name }}
15 | {{- include "keda.labels" . | indent 4 }}
16 | spec:
17 | revisionHistoryLimit: {{ .Values.webhooks.revisionHistoryLimit}}
18 | replicas: {{ .Values.webhooks.replicaCount}}
19 | {{- with .Values.upgradeStrategy.webhooks }}
20 | strategy:
21 | {{- toYaml . | nindent 4 }}
22 | {{- end }}
23 | selector:
24 | matchLabels:
25 | app: {{ .Values.webhooks.name }}
26 | template:
27 | metadata:
28 | labels:
29 | app: {{ .Values.webhooks.name }}
30 | name: {{ .Values.webhooks.name }}
31 | app.kubernetes.io/name: {{ .Values.webhooks.name }}
32 | {{- include "keda.labels" . | indent 8 }}
33 | {{- if .Values.podLabels.webhooks }}
34 | {{- toYaml .Values.podLabels.webhooks | nindent 8 }}
35 | {{- end }}
36 | {{- if or .Values.podAnnotations.webhooks .Values.additionalAnnotations }}
37 | annotations:
38 | {{- if .Values.podAnnotations.webhooks }}
39 | {{- toYaml .Values.podAnnotations.webhooks | nindent 8 }}
40 | {{- end }}
41 | {{- if .Values.additionalAnnotations }}
42 | {{- toYaml .Values.additionalAnnotations | nindent 8 }}
43 | {{- end }}
44 | {{- end }}
45 | spec:
46 | enableServiceLinks: {{ .Values.enableServiceLinks }}
47 | {{- if .Values.priorityClassName }}
48 | priorityClassName: {{ .Values.priorityClassName | quote }}
49 | {{- end }}
50 | {{- with .Values.imagePullSecrets }}
51 | imagePullSecrets:
52 | {{- toYaml . | nindent 8 }}
53 | {{- end }}
54 | serviceAccountName: {{ (.Values.serviceAccount.webhooks).name | default .Values.serviceAccount.name }}
55 | automountServiceAccountToken: {{ kindIs "invalid" (.Values.serviceAccount.webhooks).automountServiceAccountToken | ternary .Values.serviceAccount.automountServiceAccountToken (.Values.serviceAccount.webhooks).automountServiceAccountToken }}
56 | securityContext:
57 | {{- if .Values.podSecurityContext.webhooks }}
58 | {{- toYaml .Values.podSecurityContext.webhooks | nindent 8 }}
59 | {{- else }}
60 | {{- toYaml .Values.podSecurityContext | nindent 8 }}
61 | {{- end }}
62 | containers:
63 | - name: {{ .Values.webhooks.name }}
64 | securityContext:
65 | {{- if .Values.securityContext.webhooks }}
66 | {{- toYaml .Values.securityContext.webhooks | nindent 12 }}
67 | {{- else }}
68 | {{- toYaml .Values.securityContext | nindent 12 }}
69 | {{- end }}
70 | {{- $registry := .Values.global.image.registry | default .Values.image.webhooks.registry | default "" }}
71 | {{- if $registry }}
72 | image: "{{ $registry }}/{{ .Values.image.webhooks.repository }}:{{ .Values.image.webhooks.tag | default .Chart.AppVersion }}"
73 | {{- else }}
74 | image: "{{ .Values.image.webhooks.repository }}:{{ .Values.image.webhooks.tag | default .Chart.AppVersion }}"
75 | {{- end }}
76 | command:
77 | - /keda-admission-webhooks
78 | args:
79 | - "--zap-log-level={{ .Values.logging.webhooks.level }}"
80 | - "--zap-encoder={{ .Values.logging.webhooks.format }}"
81 | - "--zap-time-encoding={{ .Values.logging.webhooks.timeEncoding }}"
82 | - "--cert-dir={{ .Values.certificates.mountPath }}"
83 | - "--health-probe-bind-address=:{{ .Values.webhooks.healthProbePort }}"
84 | {{- if .Values.webhooks.port }}
85 | - "--port={{ .Values.webhooks.port }}"
86 | {{- end }}
87 | - --metrics-bind-address=:{{ .Values.prometheus.webhooks.port }}
88 | {{- if .Values.profiling.webhooks.enabled }}
89 | - "--profiling-bind-address=:{{ .Values.profiling.webhooks.port }}"
90 | {{- end }}
91 | {{- range $key, $value := .Values.extraArgs.webhooks }}
92 | - --{{ $key }}={{ $value }}
93 | {{- end }}
94 | imagePullPolicy: {{ .Values.image.pullPolicy }}
95 | livenessProbe:
96 | httpGet:
97 | path: /healthz
98 | port: {{ .Values.webhooks.healthProbePort }}
99 | initialDelaySeconds: {{ .Values.webhooks.livenessProbe.initialDelaySeconds }}
100 | periodSeconds: {{ .Values.webhooks.livenessProbe.periodSeconds }}
101 | timeoutSeconds: {{ .Values.webhooks.livenessProbe.timeoutSeconds }}
102 | failureThreshold: {{ .Values.webhooks.livenessProbe.failureThreshold }}
103 | successThreshold: {{ .Values.webhooks.livenessProbe.successThreshold }}
104 | readinessProbe:
105 | httpGet:
106 | path: /readyz
107 | port: {{ .Values.webhooks.healthProbePort }}
108 | initialDelaySeconds: {{ .Values.webhooks.readinessProbe.initialDelaySeconds }}
109 | periodSeconds: {{ .Values.webhooks.readinessProbe.periodSeconds }}
110 | timeoutSeconds: {{ .Values.webhooks.readinessProbe.timeoutSeconds }}
111 | failureThreshold: {{ .Values.webhooks.readinessProbe.failureThreshold }}
112 | successThreshold: {{ .Values.webhooks.readinessProbe.successThreshold }}
113 | ports:
114 | - containerPort: {{ .Values.webhooks.port | default 9443 }}
115 | name: http
116 | protocol: TCP
117 | {{- if .Values.prometheus.webhooks.enabled }}
118 | - containerPort: {{ .Values.prometheus.webhooks.port }}
119 | name: metrics
120 | protocol: TCP
121 | {{- end }}
122 | env:
123 | - name: WATCH_NAMESPACE
124 | value: {{ .Values.watchNamespace | quote }}
125 | - name: POD_NAME
126 | valueFrom:
127 | fieldRef:
128 | fieldPath: metadata.name
129 | - name: POD_NAMESPACE
130 | valueFrom:
131 | fieldRef:
132 | fieldPath: metadata.namespace
133 | {{- if .Values.env }}
134 | {{- toYaml .Values.env | nindent 12 -}}
135 | {{- end }}
136 | volumeMounts:
137 | - mountPath: {{ .Values.certificates.mountPath }}
138 | name: certificates
139 | readOnly: true
140 | {{- if .Values.volumes.webhooks.extraVolumeMounts }}
141 | {{- toYaml .Values.volumes.webhooks.extraVolumeMounts | nindent 10 }}
142 | {{- end }}
143 | resources:
144 | {{- if .Values.resources.webhooks }}
145 | {{- toYaml .Values.resources.webhooks | nindent 12 }}
146 | {{- else }}
147 | {{- toYaml .Values.resources | nindent 12 }}
148 | {{- end }}
149 | volumes:
150 | - name: certificates
151 | secret:
152 | defaultMode: 420
153 | secretName: {{ .Values.certificates.secretName }}
154 | {{- if .Values.volumes.webhooks.extraVolumes }}
155 | {{- toYaml .Values.volumes.webhooks.extraVolumes | nindent 6 }}
156 | {{- end }}
157 | hostNetwork: {{ .Values.webhooks.useHostNetwork }}
158 | nodeSelector:
159 | kubernetes.io/os: linux
160 | {{- with .Values.nodeSelector }}
161 | {{- toYaml . | nindent 8 }}
162 | {{- end }}
163 | {{- if .Values.webhooks.affinity }}
164 | affinity:
165 | {{- toYaml .Values.webhooks.affinity | nindent 8 }}
166 | {{- else if .Values.affinity }}
167 | affinity:
168 | {{- toYaml .Values.affinity | nindent 8 }}
169 | {{- end }}
170 | {{- with .Values.topologySpreadConstraints.webhooks }}
171 | topologySpreadConstraints:
172 | {{- toYaml . | nindent 8 }}
173 | {{- end }}
174 | {{- with .Values.tolerations }}
175 | tolerations:
176 | {{- toYaml . | nindent 8 }}
177 | {{- end }}
178 | {{- $dnsConfig := .Values.webhooks.dnsConfig | default .Values.global.dnsConfig }}
179 | {{- if $dnsConfig }}
180 | dnsConfig:
181 | {{- toYaml $dnsConfig | nindent 8 }}
182 | {{- end }}
183 | {{- end }}
184 |
--------------------------------------------------------------------------------
/http-add-on/README.md.gotmpl:
--------------------------------------------------------------------------------
1 | 
2 |
3 | Kubernetes-based Event Driven Autoscaling - HTTP Add-On
4 |
5 |
6 | The KEDA HTTP Add On allows Kubernetes users to automatically scale their HTTP servers up and down (including to/from zero) based on incoming HTTP traffic. Please see our [use cases document](./docs/use_cases.md) to learn more about how and why you would use this project.
7 |
8 | | 🚧 **Alpha - Not for production** 🚧|
9 | |---------------------------------------------|
10 | | ⚠ The HTTP add-on is in [experimental stage](https://github.com/kedacore/keda/issues/538) and not ready for production.
It is provided as-is without support.
11 |
12 | >This codebase moves very quickly. We can't currently guarantee that any part of it will work. Neither the complete feature set nor known issues may be fully documented. Similarly, issues filed against this project may not be responded to quickly or at all. **We will release and announce a beta release of this project**, and after we do that, we will document and respond to issues properly.
13 |
14 | ## Walkthrough
15 |
16 | Although this is an **alpha release** project right now, we have prepared a walkthrough document that with instructions on getting started for basic usage.
17 |
18 | See that document at [docs/walkthrough.md](https://github.com/kedacore/http-add-on/tree/main/docs/walkthrough.md)
19 |
20 | ## Design
21 |
22 | The HTTP add-on is composed of multiple mostly independent components. This design was chosen to allow for highly
23 | customizable installations while allowing us to ship reasonable defaults.
24 |
25 | - We have written a complete design document. Please see it at [docs/design.md](https://github.com/kedacore/http-add-on/tree/main/docs/design.md).
26 | - For more context on the design, please see our [scope document](https://github.com/kedacore/http-add-on/tree/main/docs/scope.md).
27 | - If you have further questions about the project, please see our [FAQ document](https://github.com/kedacore/http-add-on/tree/main/docs/faq.md).
28 |
29 | ## Installation
30 |
31 | Please see the [complete installation instructions](https://github.com/kedacore/http-add-on/tree/main/docs/install.md).
32 |
33 | ## Contributing
34 |
35 | Please see the [contributing documentation for all instructions](https://github.com/kedacore/http-add-on/tree/main/docs/contributing.md).
36 |
37 | ---
38 | We are a Cloud Native Computing Foundation (CNCF) graduated project.
39 |
40 |
41 | ---
42 |
43 | ## TL;DR
44 |
45 | ```console
46 | helm repo add kedacore https://kedacore.github.io/charts
47 | helm repo update
48 |
49 | helm install http-add-on kedacore/keda-add-ons-http --create-namespace --namespace keda --version {{ template "chart.appVersion" . }}
50 | ```
51 |
52 | ## Introduction
53 |
54 | This chart bootstraps KEDA HTTP Add-on infrastructure on a Kubernetes cluster using the Helm package manager.
55 |
56 | As part of that, it will install all the required Custom Resource Definitions (CRD).
57 |
58 | ## Installing the Chart
59 |
60 | To install the chart with the release name `http-add-on`, please read the [install instructions on the official repository to get started](https://github.com/kedacore/http-add-on/tree/main/docs/install.md):
61 |
62 | ```console
63 | $ helm install http-add-on kedacore/keda-add-ons-http --namespace keda
64 | ```
65 |
66 | > **Important:** This chart **needs** KEDA installed in your cluster to work properly.
67 |
68 | ## Uninstalling the Chart
69 |
70 | To uninstall/delete the `http-add-on` Helm chart:
71 |
72 | ```console
73 | helm uninstall http-add-on
74 | ```
75 |
76 | The command removes all the Kubernetes components associated with the chart and deletes the release.
77 |
78 | ## Configuration
79 |
80 | The following table lists the configurable parameters of the HTTP Add-On chart and
81 | their default values.
82 |
83 | ### General parameters
84 |
85 | | Parameter | Type | Default | Description |
86 | |-----------|------|---------|-------------|
87 | {{- range .Values }}
88 | {{- if not (or (hasPrefix "operator" .Key) (hasPrefix "scaler" .Key) (hasPrefix "interceptor" .Key) ) }}
89 | | `{{ .Key }}` | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
90 | {{- end }}
91 | {{- end }}
92 |
93 | ### Operator
94 |
95 | | Parameter | Type | Default | Description |
96 | |-----------|------|---------|-------------|
97 | {{- range .Values }}
98 | {{- if hasPrefix "operator" .Key }}
99 | | `{{ .Key }}` | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
100 | {{- end }}
101 | {{- end }}
102 |
103 | ### Scaler
104 |
105 | | Parameter | Type | Default | Description |
106 | |-----------|------|---------|-------------|
107 | {{- range .Values }}
108 | {{- if hasPrefix "scaler" .Key }}
109 | | `{{ .Key }}` | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
110 | {{- end }}
111 | {{- end }}
112 |
113 | ### Interceptor
114 |
115 | | Parameter | Type | Default | Description |
116 | |-----------|------|---------|-------------|
117 | {{- range .Values }}
118 | {{- if hasPrefix "interceptor" .Key }}
119 | | `{{ .Key }}` | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
120 | {{- end }}
121 | {{- end }}
122 |
123 | Specify each parameter using the `--set key=value[,key=value]` argument to
124 | `helm install`. For example:
125 |
126 | ```console
127 | $ helm install http-add-on kedacore/keda-add-ons-http --namespace keda \
128 | --set version=
129 | ```
130 |
131 | Alternatively, a YAML file that specifies the values for the above parameters can
132 | be provided while installing the chart. For example,
133 |
134 | ```console
135 | helm install http-add-on kedacore/keda-add-ons-http --namespace keda -f values.yaml
136 | ```
137 |
138 | ## KEDA is secure by default
139 |
140 | Our default configuration strives to be as secure as possible. Because of that, KEDA will run as non-root and be secure-by-default. You can define global securityContext for all components or switch to granular mode and define securityContext for operator, kuberbacproxy, scaler, and interceptor:
141 | ```yaml
142 | securityContext:
143 | allowPrivilegeEscalation: false
144 | capabilities:
145 | drop:
146 | - ALL
147 | privileged: false
148 | readOnlyRootFilesystem: true
149 | # runAsUser: 1000
150 | # runAsGroup: 1000
151 | # operator:
152 | # capabilities:
153 | # drop:
154 | # - ALL
155 | # allowPrivilegeEscalation: false
156 | # readOnlyRootFilesystem: true
157 | # seccompProfile:
158 | # type: RuntimeDefault
159 | # kuberbacproxy:
160 | # capabilities:
161 | # drop:
162 | # - ALL
163 | # allowPrivilegeEscalation: false
164 | # readOnlyRootFilesystem: true
165 | # seccompProfile:
166 | # type: RuntimeDefault
167 | # scaler:
168 | # capabilities:
169 | # drop:
170 | # - ALL
171 | # allowPrivilegeEscalation: false
172 | # readOnlyRootFilesystem: true
173 | # seccompProfile:
174 | # type: RuntimeDefault
175 | # interceptor:
176 | # capabilities:
177 | # drop:
178 | # - ALL
179 | # allowPrivilegeEscalation: false
180 | # readOnlyRootFilesystem: true
181 | # seccompProfile:
182 | # type: RuntimeDefault
183 | podSecurityContext:
184 | fsGroup: 1000
185 | supplementalGroups:
186 | - 1000
187 | # operator:
188 | # runAsNonRoot: true
189 | # runAsUser: 1000
190 | # runAsGroup: 1000
191 | # fsGroup: 1000
192 | # scaler:
193 | # runAsNonRoot: true
194 | # runAsUser: 1000
195 | # runAsGroup: 1000
196 | # fsGroup: 1000
197 | # interceptor:
198 | # runAsNonRoot: true
199 | # runAsUser: 1000
200 | # runAsGroup: 1000
201 | # fsGroup: 1000
202 | ```
203 |
204 | ----------------------------------------------
205 | Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
206 |
--------------------------------------------------------------------------------
/.github/workflows/ci-core.yml:
--------------------------------------------------------------------------------
1 | name: Helm Chart CI (Core)
2 | on:
3 | # Trigger the workflow on push or pull request,
4 | # but only for the main branch
5 | push:
6 | branches:
7 | - main
8 | paths:
9 | - '.github/workflows/ci-core.yml'
10 | - 'keda/**'
11 | pull_request:
12 | branches:
13 | - main
14 | - release/*
15 | paths:
16 | - '.github/workflows/ci-core.yml'
17 | - 'keda/**'
18 |
19 | concurrency:
20 | group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
21 | cancel-in-progress: true
22 |
23 | jobs:
24 | lint-helm-3-x:
25 | name: Lint Helm Chart
26 | runs-on: ubuntu-latest
27 | steps:
28 | - name: Check out code
29 | uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4
30 |
31 | - name: Helm install
32 | uses: Azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
33 |
34 | - name: Lint 'KEDA' Helm chart
35 | run: helm lint keda
36 |
37 | deploy-helm-3-x:
38 | name: Deploy to Kubernetes ${{ matrix.kubernetesVersion }} in '${{matrix.namespace}}' namespace (${{ (matrix.enableAzureWorkloadIdentity == true && 'With Azure Workload Identity') || 'Without Azure Workload Identity' }} | ${{ (matrix.enableCertManager == true && 'With cert-manager') || 'Without cert-manager' }})
39 | needs: lint-helm-3-x
40 | runs-on: ubuntu-latest
41 | strategy:
42 | fail-fast: false
43 | matrix:
44 | enableAzureWorkloadIdentity: [false, true]
45 | kubernetesVersion: [v1.33, v1.32, v1.31, v1.23]
46 | namespace: ["keda", "not-keda"]
47 | enableCertManager: [false, true]
48 | include:
49 | # Azure Workload Identity
50 | - enableAzureWorkloadIdentity: true
51 | tenantId: contoso
52 | clientId: ABC
53 | - enableAzureWorkloadIdentity: false
54 | tenantId: ""
55 | clientId: ""
56 | # Images are defined on every Kind release
57 | # See https://github.com/kubernetes-sigs/kind/releases
58 | - kubernetesVersion: v1.33
59 | kindImage: kindest/node:v1.33.4@sha256:25a6018e48dfcaee478f4a59af81157a437f15e6e140bf103f85a2e7cd0cbbf2
60 | - kubernetesVersion: v1.32
61 | kindImage: kindest/node:v1.32.8@sha256:abd489f042d2b644e2d033f5c2d900bc707798d075e8186cb65e3f1367a9d5a1
62 | - kubernetesVersion: v1.31
63 | kindImage: kindest/node:v1.31.12@sha256:0f5cc49c5e73c0c2bb6e2df56e7df189240d83cf94edfa30946482eb08ec57d2
64 | - kubernetesVersion: v1.23
65 | kindImage: kindest/node:v1.23.17@sha256:59c989ff8a517a93127d4a536e7014d28e235fb3529d9fba91b3951d461edfdb
66 | steps:
67 | - name: Check out code
68 | uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4
69 |
70 | - name: Helm install
71 | uses: Azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
72 |
73 | - name: Create k8s ${{ matrix.kubernetesVersion }} Kind Cluster
74 | uses: helm/kind-action@92086f6be054225fa813e0a4b13787fc9088faab # v1.13.0
75 | with:
76 | node_image: ${{ matrix.kindImage }}
77 |
78 | - name: Show Kubernetes version
79 | run: |
80 | kubectl version
81 |
82 | - name: Show Kubernetes nodes
83 | run: |
84 | kubectl get nodes -o wide
85 |
86 | - name: Show Helm version
87 | run: |
88 | helm version
89 |
90 | - name: Generate values
91 | run: |
92 | cat < test-values.yaml
93 | image:
94 | keda:
95 | tag: main
96 | metricsApiServer:
97 | tag: main
98 | webhooks:
99 | tag: main
100 | podIdentity:
101 | azureWorkload:
102 | enabled: ${{ matrix.enableAzureWorkloadIdentity }}
103 | tenantId: ${{ matrix.tenantId }}
104 | clientId: ${{ matrix.clientId }}
105 | podDisruptionBudget:
106 | operator:
107 | maxUnavailable: 1
108 | metricServer:
109 | maxUnavailable: 1
110 | webhooks:
111 | maxUnavailable: 1
112 | prometheus:
113 | operator:
114 | enabled: true
115 | podMonitor:
116 | enabled: true
117 | serviceMonitor:
118 | enabled: true
119 | relabelings:
120 | - regex: (go_.*)
121 | action: drop
122 | webhooks:
123 | enabled: true
124 | serviceMonitor:
125 | enabled: true
126 | relabelings:
127 | - regex: (go_.*)
128 | action: drop
129 | metricServer:
130 | enabled: true
131 | serviceMonitor:
132 | enabled: true
133 | relabelings:
134 | - regex: (go_.*)
135 | action: drop
136 | webhooks:
137 | failurePolicy: Fail
138 | certificates:
139 | autoGenerated: true
140 | certManager:
141 | enabled: ${{ matrix.enableCertManager }}
142 | generateCA: true
143 | extraInitContainers:
144 | - name: hello-once
145 | args:
146 | - -c
147 | - "echo 'Hello World!'"
148 | command:
149 | - /bin/sh
150 | image: 'busybox:glibc'
151 | extraContainers:
152 | - name: hello-many
153 | args:
154 | - -c
155 | - "while true; do echo hi; sleep 300; done"
156 | command:
157 | - /bin/sh
158 | image: 'busybox:glibc'
159 | extraObjects:
160 | - apiVersion: keda.sh/v1alpha1
161 | kind: ClusterTriggerAuthentication
162 | metadata:
163 | name: aws-credentials
164 | namespace: keda
165 | annotations:
166 | helm.sh/hook: post-install
167 | spec:
168 | podIdentity:
169 | provider: aws-eks
170 | additionalAnnotations:
171 | sample: "annotation"
172 | service:
173 | additionalAnnotations:
174 | hello: "cloud-native world"
175 | EOF
176 |
177 | - name: Install deps
178 | run: |
179 | helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
180 | helm repo add jetstack https://charts.jetstack.io
181 | helm repo update
182 | helm install prometheus-stack prometheus-community/prometheus-operator-crds --namespace monitoring --create-namespace --wait
183 | helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
184 |
185 | - name: Create KEDA's namespace (${{ matrix.namespace }})
186 | run: kubectl create ns ${{ matrix.namespace }}
187 |
188 | - name: Template Helm chart
189 | run: helm template keda ./keda/ --namespace ${{ matrix.namespace }} --values test-values.yaml
190 |
191 | - name: Install Helm chart
192 | run: helm install keda ./keda/ --namespace ${{ matrix.namespace }} --values test-values.yaml --wait
193 |
194 | - name: Show Kubernetes resources (KEDA)
195 | run: kubectl get all --namespace ${{ matrix.namespace }}
196 | if: always()
197 |
198 | - name: Show Kubernetes resources (Monitoring)
199 | run: kubectl get all --namespace monitoring
200 | if: always()
201 |
202 | - name: Get all CRDs
203 | run: kubectl get crds -o wide
204 |
205 | - name: Verify clustertriggerauthentications.keda.sh CRD is installed
206 | run: kubectl get crd/clustertriggerauthentications.keda.sh -o wide
207 |
208 | - name: Verify triggerauthentications.keda.sh CRD is installed
209 | run: kubectl get crd/triggerauthentications.keda.sh -o wide
210 |
211 | - name: Verify scaledjobs.keda.sh CRD is installed
212 | run: kubectl get crd/scaledjobs.keda.sh -o wide
213 |
214 | - name: Verify scaledobjects.keda.sh CRD is installed
215 | run: kubectl get crd/scaledobjects.keda.sh -o wide
216 |
217 | - name: Verify cloudeventsources.eventing.keda.sh CRD is installed
218 | run: kubectl get crd/cloudeventsources.eventing.keda.sh -o wide
219 |
220 | - name: Verify clustercloudeventsources.eventing.keda.sh CRD is installed
221 | run: kubectl get crd/clustercloudeventsources.eventing.keda.sh -o wide
222 |
223 | - name: Get all ScaledObjects
224 | run: kubectl get scaledobjects -o wide
225 |
226 | - name: Get all ScaledJobs
227 | run: kubectl get scaledjobs -o wide
228 |
229 | - name: Get all TriggerAuthentication
230 | run: kubectl get triggerauth -o wide
231 |
232 | - name: Get all ClusterTriggerAuthentication
233 | run: kubectl get clustertriggerauth -o wide
234 |
235 | - name: Get all CloudEventSource
236 | run: kubectl get cloudeventsource -o wide
237 |
238 | - name: Deploy Nginx with autoscaling
239 | run: kubectl apply -f ./samples/nginx-scaledobject.yml
240 |
241 | - name: Get our Nginx ScaledObject
242 | run: kubectl get scaledobjects/nginx-autoscaling -o wide
243 | if: always()
244 |
--------------------------------------------------------------------------------
/keda/templates/metrics-server/deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: {{ .Values.operator.name }}-metrics-apiserver
5 | namespace: {{ .Release.Namespace }}
6 | {{- with .Values.additionalAnnotations }}
7 | annotations:
8 | {{- toYaml . | nindent 4 }}
9 | {{- end }}
10 | labels:
11 | app: {{ .Values.operator.name }}-metrics-apiserver
12 | app.kubernetes.io/name: {{ .Values.operator.name }}-metrics-apiserver
13 | {{- include "keda.labels" . | indent 4 }}
14 | spec:
15 | revisionHistoryLimit: {{ .Values.metricsServer.revisionHistoryLimit}}
16 | replicas: {{ .Values.metricsServer.replicaCount }}
17 | {{- with .Values.upgradeStrategy.metricsApiServer }}
18 | strategy:
19 | {{- toYaml . | nindent 4 }}
20 | {{- end }}
21 | selector:
22 | matchLabels:
23 | app: {{ .Values.operator.name }}-metrics-apiserver
24 | template:
25 | metadata:
26 | labels:
27 | app: {{ .Values.operator.name }}-metrics-apiserver
28 | app.kubernetes.io/name: {{ .Values.operator.name }}-metrics-apiserver
29 | {{- include "keda.labels" . | indent 8 }}
30 | {{- if .Values.podLabels.metricsAdapter }}
31 | {{- toYaml .Values.podLabels.metricsAdapter | nindent 8}}
32 | {{- end }}
33 | {{- if or .Values.additionalAnnotations .Values.podAnnotations.metricsAdapter (and .Values.prometheus.metricServer.enabled ( not (or .Values.prometheus.metricServer.podMonitor.enabled .Values.prometheus.metricServer.serviceMonitor.enabled )) )}}
34 | annotations:
35 | {{- if .Values.additionalAnnotations }}
36 | {{- toYaml .Values.additionalAnnotations | nindent 8 }}
37 | {{- end }}
38 | {{- if and .Values.prometheus.metricServer.enabled ( not (or .Values.prometheus.metricServer.podMonitor.enabled .Values.prometheus.metricServer.serviceMonitor.enabled )) }}
39 | prometheus.io/scrape: "true"
40 | prometheus.io/port: {{ .Values.prometheus.metricServer.port | quote }}
41 | {{- end }}
42 | {{- if .Values.podAnnotations.metricsAdapter }}
43 | {{- toYaml .Values.podAnnotations.metricsAdapter | nindent 8}}
44 | {{- end }}
45 | {{- end }}
46 | spec:
47 | enableServiceLinks: {{ .Values.enableServiceLinks }}
48 | {{- if .Values.priorityClassName }}
49 | priorityClassName: {{ .Values.priorityClassName | quote }}
50 | {{- end }}
51 | {{- with .Values.imagePullSecrets }}
52 | imagePullSecrets:
53 | {{- toYaml . | nindent 8 }}
54 | {{- end }}
55 | serviceAccountName: {{ (.Values.serviceAccount.metricServer).name | default .Values.serviceAccount.name }}
56 | automountServiceAccountToken: {{ kindIs "invalid" (.Values.serviceAccount.metricServer).automountServiceAccountToken | ternary .Values.serviceAccount.automountServiceAccountToken (.Values.serviceAccount.metricServer).automountServiceAccountToken }}
57 | securityContext:
58 | {{- if .Values.podSecurityContext.metricServer }}
59 | {{- toYaml .Values.podSecurityContext.metricServer | nindent 8 }}
60 | {{- else }}
61 | {{- toYaml .Values.podSecurityContext | nindent 8 }}
62 | {{- end }}
63 | containers:
64 | - name: {{ .Values.operator.name }}-metrics-apiserver
65 | securityContext:
66 | {{- if .Values.securityContext.metricServer }}
67 | {{- toYaml .Values.securityContext.metricServer | nindent 12 }}
68 | {{- else }}
69 | {{- toYaml .Values.securityContext | nindent 12 }}
70 | {{- end }}
71 | {{- $registry := .Values.global.image.registry | default .Values.image.metricsApiServer.registry | default "" }}
72 | {{- if $registry }}
73 | image: "{{ $registry }}/{{ .Values.image.metricsApiServer.repository }}:{{ .Values.image.metricsApiServer.tag | default .Chart.AppVersion }}"
74 | {{- else }}
75 | image: "{{ .Values.image.metricsApiServer.repository }}:{{ .Values.image.metricsApiServer.tag | default .Chart.AppVersion }}"
76 | {{- end }}
77 | imagePullPolicy: {{ .Values.image.pullPolicy }}
78 | livenessProbe:
79 | httpGet:
80 | path: /healthz
81 | port: {{ .Values.service.portHttpsTarget }}
82 | scheme: HTTPS
83 | initialDelaySeconds: {{ .Values.metricsServer.livenessProbe.initialDelaySeconds }}
84 | periodSeconds: {{ .Values.metricsServer.livenessProbe.periodSeconds }}
85 | timeoutSeconds: {{ .Values.metricsServer.livenessProbe.timeoutSeconds }}
86 | failureThreshold: {{ .Values.metricsServer.livenessProbe.failureThreshold }}
87 | successThreshold: {{ .Values.metricsServer.livenessProbe.successThreshold }}
88 | readinessProbe:
89 | httpGet:
90 | path: /readyz
91 | port: {{ .Values.service.portHttpsTarget }}
92 | scheme: HTTPS
93 | initialDelaySeconds: {{ .Values.metricsServer.readinessProbe.initialDelaySeconds }}
94 | periodSeconds: {{ .Values.metricsServer.readinessProbe.periodSeconds }}
95 | timeoutSeconds: {{ .Values.metricsServer.readinessProbe.timeoutSeconds }}
96 | failureThreshold: {{ .Values.metricsServer.readinessProbe.failureThreshold }}
97 | successThreshold: {{ .Values.metricsServer.readinessProbe.successThreshold }}
98 | env:
99 | - name: WATCH_NAMESPACE
100 | value: {{ .Values.watchNamespace | quote }}
101 | - name: POD_NAMESPACE
102 | valueFrom:
103 | fieldRef:
104 | fieldPath: metadata.namespace
105 | - name: KEDA_HTTP_DEFAULT_TIMEOUT
106 | value: {{ .Values.http.timeout | quote }}
107 | - name: KEDA_HTTP_MIN_TLS_VERSION
108 | value: {{ .Values.http.minTlsVersion }}
109 | {{- if ( not .Values.http.keepAlive.enabled ) }}
110 | - name: KEDA_HTTP_DISABLE_KEEP_ALIVE
111 | value: "true"
112 | {{- end }}
113 | {{- if .Values.permissions.metricServer.restrict.secret }}
114 | - name: KEDA_RESTRICT_SECRET_ACCESS
115 | value: {{ .Values.permissions.metricServer.restrict.secret | quote }}
116 | {{- end }}
117 | {{- if .Values.env }}
118 | {{- toYaml .Values.env | nindent 12 -}}
119 | {{- end }}
120 | command:
121 | - /keda-adapter
122 | args:
123 | - --port={{ .Values.prometheus.metricServer.port }}
124 | - --secure-port={{ .Values.service.portHttpsTarget }}
125 | - --logtostderr=true
126 | - --stderrthreshold={{ .Values.logging.metricServer.stderrthreshold }}
127 | - --disable-compression={{ .Values.metricsServer.disableCompression}}
128 | - --metrics-service-address={{ .Values.operator.name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:9666
129 | - --client-ca-file={{ .Values.certificates.mountPath }}/ca.crt
130 | - --tls-cert-file={{ .Values.certificates.mountPath }}/tls.crt
131 | - --tls-private-key-file={{ .Values.certificates.mountPath }}/tls.key
132 | - --cert-dir={{ .Values.certificates.mountPath }}
133 | - --v={{ .Values.logging.metricServer.level }}
134 | - --zap-log-level={{ .Values.logging.metricServer.zapLevel }}
135 | - --zap-encoder={{ .Values.logging.metricServer.zapEncoder }}
136 | - --zap-time-encoding={{ .Values.logging.metricServer.zapTimeEncoding }}
137 | {{- if .Values.profiling.metricsServer.enabled }}
138 | - "--profiling-bind-address=:{{ .Values.profiling.metricsServer.port }}"
139 | {{- end }}
140 | {{- range $key, $value := .Values.extraArgs.metricsAdapter }}
141 | - --{{ $key }}={{ $value }}
142 | {{- end }}
143 | ports:
144 | - containerPort: {{ .Values.service.portHttpsTarget }}
145 | name: https
146 | protocol: TCP
147 | - containerPort: {{ .Values.prometheus.metricServer.port }}
148 | name: {{ .Values.prometheus.metricServer.portName }}
149 | protocol: TCP
150 | volumeMounts:
151 | - mountPath: {{ .Values.certificates.mountPath }}
152 | name: certificates
153 | readOnly: true
154 | {{- if .Values.grpcTLSCertsSecret }}
155 | - name: grpc-certs
156 | mountPath: /grpccerts
157 | {{- end }}
158 | {{- if .Values.hashiCorpVaultTLS }}
159 | - name: hashicorp-vault-certs
160 | mountPath: /hashicorp-vaultcerts
161 | {{- end }}
162 | {{- if .Values.volumes.metricsApiServer.extraVolumeMounts }}
163 | {{- toYaml .Values.volumes.metricsApiServer.extraVolumeMounts | nindent 10 }}
164 | {{- end }}
165 | resources:
166 | {{- if .Values.resources.metricServer }}
167 | {{- toYaml .Values.resources.metricServer | nindent 12 }}
168 | {{- else }}
169 | {{- toYaml .Values.resources | nindent 12 }}
170 | {{- end }}
171 | volumes:
172 | - name: certificates
173 | secret:
174 | defaultMode: 420
175 | secretName: {{ .Values.certificates.secretName }}
176 | {{- if .Values.grpcTLSCertsSecret }}
177 | - name: grpc-certs
178 | secret:
179 | secretName: {{ .Values.grpcTLSCertsSecret }}
180 | {{- end }}
181 | {{- if .Values.hashiCorpVaultTLS }}
182 | - name: hashicorp-vault-certs
183 | secret:
184 | secretName: {{ .Values.hashiCorpVaultTLS }}
185 | {{- end }}
186 | {{- if .Values.volumes.metricsApiServer.extraVolumes }}
187 | {{- toYaml .Values.volumes.metricsApiServer.extraVolumes | nindent 6 }}
188 | {{- end }}
189 | {{- $dnsConfig := .Values.metricsServer.dnsConfig | default .Values.global.dnsConfig }}
190 | {{- if $dnsConfig }}
191 | dnsConfig:
192 | {{- toYaml $dnsConfig | nindent 8 }}
193 | {{- end }}
194 | dnsPolicy: {{ .Values.metricsServer.dnsPolicy }}
195 | hostNetwork: {{ .Values.metricsServer.useHostNetwork }}
196 | nodeSelector:
197 | kubernetes.io/os: linux
198 | {{- with .Values.nodeSelector }}
199 | {{- toYaml . | nindent 8 }}
200 | {{- end }}
201 | {{- if .Values.metricsServer.affinity }}
202 | affinity:
203 | {{- toYaml .Values.metricsServer.affinity | nindent 8 }}
204 | {{- else if .Values.affinity }}
205 | affinity:
206 | {{- toYaml .Values.affinity | nindent 8 }}
207 | {{- end }}
208 | {{- with .Values.topologySpreadConstraints.metricsServer}}
209 | topologySpreadConstraints:
210 | {{- toYaml . | nindent 8 }}
211 | {{- end }}
212 | {{- with .Values.tolerations }}
213 | tolerations:
214 | {{- toYaml . | nindent 8 }}
215 | {{- end }}
216 |
--------------------------------------------------------------------------------
