Vertical Pod Autoscaler Addon (#76)

* precommit format applied * terraform-docs: automated action * Updated Keda docs * Files formatted with terraform fmt * Updated docs and prometheus default values * precommit format applied * terraform-docs: automated action * fixed the documentatio Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

Vertical Pod Autoscaler Addon (#76)
* precommit format applied * terraform-docs: automated action * Updated Keda docs * Files formatted with terraform fmt * Updated docs and prometheus default values * precommit format applied * terraform-docs: automated action * fixed the documentatio Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
98209d09 · Vara Bonthu · GitHub · 0f009136 · 98209d09 · 98209d09
Unverified Commit 98209d09 authored 3 years ago by Vara Bonthu Committed by GitHub 3 years ago
--- a/README.md
+++ b/README.md
@@ -117,10 +117,10 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 3.60.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.66.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.3.0 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.4.1 |
 | <a name="requirement_http"></a> [http](#requirement\_http) | 2.4.1 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.5.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.6.1 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | 2.1.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | 3.1.0 |
@@ -128,9 +128,9 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 3.60.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.66.0 |
 | <a name="provider_http"></a> [http](#provider\_http) | 2.4.1 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | ~> 2.5.0 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.6.1 |
 ## Modules
@@ -158,6 +158,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 | <a name="module_prometheus"></a> [prometheus](#module\_prometheus) | ./kubernetes-addons/prometheus | n/a |
 | <a name="module_spark-k8s-operator"></a> [spark-k8s-operator](#module\_spark-k8s-operator) | ./kubernetes-addons/spark-k8s-operator | n/a |
 | <a name="module_traefik_ingress"></a> [traefik\_ingress](#module\_traefik\_ingress) | ./kubernetes-addons/traefik-ingress | n/a |
+| <a name="module_vpa"></a> [vpa](#module\_vpa) | ./kubernetes-addons/vertical-pod-autoscaler | n/a |
 | <a name="module_windows_vpc_controllers"></a> [windows\_vpc\_controllers](#module\_windows\_vpc\_controllers) | ./kubernetes-addons/windows-vpc-controllers | n/a |
 ## Resources
@@ -244,6 +245,8 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 | <a name="input_terraform_version"></a> [terraform\_version](#input\_terraform\_version) | Terraform Version | `string` | `"Terraform"` | no |
 | <a name="input_traefik_helm_chart"></a> [traefik\_helm\_chart](#input\_traefik\_helm\_chart) | Traefik Helm Addon Config | `any` | `{}` | no |
 | <a name="input_traefik_ingress_controller_enable"></a> [traefik\_ingress\_controller\_enable](#input\_traefik\_ingress\_controller\_enable) | Enabling Traefik Ingress Controller on eks cluster | `bool` | `false` | no |
+| <a name="input_vpa_enable"></a> [vpa\_enable](#input\_vpa\_enable) | Enable Kubernetes Vertical Pod Autoscaler | `bool` | `false` | no |
+| <a name="input_vpa_helm_chart"></a> [vpa\_helm\_chart](#input\_vpa\_helm\_chart) | Kubernetes Vertical Pod Autoscaler Helm chart config | `any` | `{}` | no |
 | <a name="input_vpc_cni_addon_version"></a> [vpc\_cni\_addon\_version](#input\_vpc\_cni\_addon\_version) | VPC CNI Addon version | `string` | `"v1.8.0-eksbuild.1"` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC id | `string` | n/a | yes |
 | <a name="input_windows_vpc_controllers_helm_chart"></a> [windows\_vpc\_controllers\_helm\_chart](#input\_windows\_vpc\_controllers\_helm\_chart) | Windows VPC Controllers Helm chart configuration | `any` | `{}` | no |

--- a/deploy/advanced/live/preprod/eu-west-1/application_acct/dev/main.tf
+++ b/deploy/advanced/live/preprod/eu-west-1/application_acct/dev/main.tf
@@ -509,7 +509,7 @@ module "aws-eks-accelerator-for-terraform" {
      name  = "service.annotations.service\\.beta\\.kubernetes\\.io/aws-load-balancer-type"
      value = "nlb"
    }]
-    # (Optional) Example to show how to pass metrics-server-values.yaml
+    # (Optional) Example to show how to pass traefik-values.yaml
    values = [templatefile("${path.module}/k8s_addons/traefik-values.yaml", {
      operating_system = "linux"
    })]
@@ -551,7 +551,7 @@ module "aws-eks-accelerator-for-terraform" {
    timeout    = "1200"                                    # (Optional)
    lint       = "true"                                    # (Optional)
-    # (Optional) Example to show how to pass metrics-server-values.yaml
+    # (Optional) Example to show how to pass cluster-autoscaler-values.yaml
    values = [templatefile("${path.module}/k8s_addons/cluster-autoscaler-vaues.yaml", {
      operating_system = "linux"
    })]

--- a/docs/add-ons/agones.md
+++ b/docs/add-ons/agones.md
@@ -12,7 +12,7 @@ Agones can be deployed by enabling the add-on via the following.
 agones_enable = true
 ```
-### GitOps Configuration 
+### GitOps Configuration
 The following properties are made available for use when managing the add-on via GitOps.
@@ -20,4 +20,4 @@ The following properties are made available for use when managing the add-on via
 agones = {
  enable = true
 }
 ```
\ No newline at end of file
--- a/docs/add-ons/argocd.md
+++ b/docs/add-ons/argocd.md
@@ -40,25 +40,26 @@ The framework provides an approach to bootstraping workloads and/or additional a
 argocd_applications = {
  workloads = {
    namespace         = "argocd"
-    repo_path         = "envs/dev"
+    path              = "envs/dev"
    repo_url          = "https://github.com/aws-samples/ssp-eks-workloads.git"
    target_revision   = "HEAD"
    destination       = "https://kubernetes.default.svc"
    project           = "default"
+    add_on_application= false # Indicates the root add-on application.
    values            = {}
  }
 }
 ```
-### Add-ons 
+### Add-ons
-A common operational pattern is to leverage Infrastructure as Code for provisioning EKS clusters (in addition to other AWS resources) and GitOps for managing cluster configuration. The framework provides support for this approach by leveraging the ArgoCD [App of Apps](https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-bootstrapping/) pattern. 
+A common operational pattern is to leverage Infrastructure as Code for provisioning EKS clusters (in addition to other AWS resources) and GitOps for managing cluster configuration. The framework provides support for this approach by leveraging the ArgoCD [App of Apps](https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-bootstrapping/) pattern.
-To configure the framework to leverage ArgoCD for managing add-ons, you must pass configuration for a root ArgoCD Application that points to your desired add-ons. You can specify the root application by setting the `add_on_application` value to true in your application configuration.  
+To configure the framework to leverage ArgoCD for managing add-ons, you must pass configuration for a root ArgoCD Application that points to your desired add-ons. You can specify the root application by setting the `add_on_application` value to true in your application configuration.
-Additionally, you must set the `argocd_manage_add_ons` property to true. When this flag is set, the framework will still provision all AWS resources necessary to support add-on functionality, but it will not apply Helm charts directly via Terraform. Instead, the framework will pass AWS resource values needed for each add-on to ArgoCD via the values map of the root add-on Application. For specific values passed for each add-on, see the individual add-on documentation. 
+Additionally, you must set the `argocd_manage_add_ons` property to true. When this flag is set, the framework will still provision all AWS resources necessary to support add-on functionality, but it will not apply Helm charts directly via Terraform. Instead, the framework will pass AWS resource values needed for each add-on to ArgoCD via the values map of the root add-on Application. For specific values passed for each add-on, see the individual add-on documentation.
-Sample configuration can be found below: 
+Sample configuration can be found below:
 ```
 argocd_enable           = true
@@ -72,7 +73,7 @@ argocd_applications     = {
    destination           = "https://kubernetes.default.svc"
    project               = "default"
    values                = {}
-    add_on_application    = true # Indicates the root add-on application. 
+    add_on_application    = true # Indicates the root add-on application.
  }
 }
 ```
--- a/docs/add-ons/aws-for-fluent-bit.md
+++ b/docs/add-ons/aws-for-fluent-bit.md
@@ -14,13 +14,13 @@ AWS provides a Fluent Bit image with plugins for both CloudWatch Logs and Kinesi
 aws_for_fluentbit_enable = true
 ```
-### GitOps Configuration 
+### GitOps Configuration
-The following properties are made available for use when managing the add-on via GitOps. 
+The following properties are made available for use when managing the add-on via GitOps.
 ```
 awsForFluentBit = {
  enable       = true
  logGroupName = "<log_group_name>"
 }
 ```
\ No newline at end of file
--- a/docs/add-ons/aws-load-balancer-controller.md
+++ b/docs/add-ons/aws-load-balancer-controller.md
@@ -25,13 +25,13 @@ aws-load-balancer-controller                               2/2     2
 Here is the link to get the AWS ELB [service annotations](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/annotations/) for LB Ingress controller.
-### GitOps Configuration 
+### GitOps Configuration
-The following properties are made available for use when managing the add-on via GitOps. 
+The following properties are made available for use when managing the add-on via GitOps.
 ```
 awsLoadBalancerController = {
  enable             = true
  serviceAccountName = "<service_account_name>"
 }
 ```
\ No newline at end of file
--- a/docs/add-ons/cert-manager.md
+++ b/docs/add-ons/cert-manager.md
@@ -12,12 +12,12 @@ cert-manger can be deployed by enabling the add-on via the following.
 cert_manager_enable = true
 ```
-### GitOps Configuration 
+### GitOps Configuration
-The following properties are made available for use when managing the add-on via GitOps. 
+The following properties are made available for use when managing the add-on via GitOps.
 ```
 certManager = {
  enable = true
 }
 ```
\ No newline at end of file
--- a/docs/add-ons/cluster-autoscaler.md
+++ b/docs/add-ons/cluster-autoscaler.md
@@ -15,12 +15,12 @@ The [Cluster Autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cl
 cluster_autoscaler_enable = true
 ```
-### GitOps Configuration 
+### GitOps Configuration
-The following properties are made available for use when managing the add-on via GitOps. 
+The following properties are made available for use when managing the add-on via GitOps.
 ```
 clusterAutoscaler = {
  enable = true
 }
 ```
\ No newline at end of file
--- a/docs/add-ons/index.md
+++ b/docs/add-ons/index.md
@@ -43,7 +43,7 @@ metrics_server_helm_chart = {
    namespace      = "kube-system"
    timeout        = "1200"
-    # (Optional) Example to pass metrics-server-values.yaml from your local repo
+    # (Optional) Example to pass metrics-server-prometheus-values.yaml from your local repo
    values = [templatefile("${path.module}/k8s_addons/metrics-server-values.yaml", {
        operating_system                = "linux"
    })]

--- a/docs/add-ons/vertical-pod-autoscaler.md
+++ b/docs/add-ons/vertical-pod-autoscaler.md
+# Vertical Pod Autoscaler
+[VPA](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler) Vertical Pod Autoscaler (VPA) automatically adjusts the CPU and memory reservations for your pods to help "right size" your applications. When configured, it will automatically request the necessary reservations based on usage and thus allow proper scheduling onto nodes so that the appropriate resource amount is available for each pod. It will also maintain ratios between limits and requests that were specified in initial container configuration.
+NOTE: Metrics Server add-on is a dependency for this addon
+## Usage
+This step deploys the Vertical Pod Autoscaler with default Helm Chart config
+```hcl
+  vpa_enable = true
+```
+Alternatively, you can override the helm values by using the code snippet below
+```hcl
+  vpa_enable = true
+  vpa_helm_chart = {
+    name       = "vpa"                                 # (Required) Release name.
+    repository = "https://charts.fairwinds.com/stable" # (Optional) Repository URL where to locate the requested chart.
+    chart      = "vpa"                                 # (Required) Chart name to be installed.
+    version    = "0.5.0"                               # (Optional) Specify the exact chart version to install. If this is not specified, the latest version is installed.
+    namespace  = "vpa-ns"                              # (Optional) The namespace to install the release into. Defaults to default
+    values     = [templatefile("${path.module}/k8s_addons/vpa-values.yaml", {})]
+  }
+```
--- a/kubernetes-addons.tf
+++ b/kubernetes-addons.tf
@@ -165,4 +165,12 @@ module "keda" {
  tags               = var.tags
  depends_on = [module.aws_eks]
 }
\ No newline at end of file
+module "vpa" {
+  count          = var.create_eks && var.vpa_enable ? 1 : 0
+  source         = "./kubernetes-addons/vertical-pod-autoscaler"
+  vpa_helm_chart = var.vpa_helm_chart
+  depends_on = [module.aws_eks]
+}
--- a/kubernetes-addons/agones/outputs.tf
+++ b/kubernetes-addons/agones/outputs.tf
@@ -19,4 +19,4 @@
 output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
 }
\ No newline at end of file
--- a/kubernetes-addons/agones/values.yaml
+++ b/kubernetes-addons/agones/values.yaml
@@ -12,4 +12,4 @@ agones:
    http:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: "false"
        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
\ No newline at end of file
--- a/kubernetes-addons/agones/variables.tf
+++ b/kubernetes-addons/agones/variables.tf
@@ -30,4 +30,4 @@ variable "manage_via_gitops" {
  type        = bool
  default     = false
  description = "Determines if the add-on should be managed via GitOps."
 }
\ No newline at end of file
--- a/kubernetes-addons/aws-for-fluentbit/locals.tf
+++ b/kubernetes-addons/aws-for-fluentbit/locals.tf
 locals {
-  log_group_name = "/${var.eks_cluster_id}/worker-fluentbit-logs"
+  log_group_name      = "/${var.eks_cluster_id}/worker-fluentbit-logs"
  log_group_retention = 90
  default_helm_values = [templatefile("${path.module}/values.yaml", {
@@ -9,41 +9,41 @@ locals {
  })]
  default_aws_for_fluentbit_helm_app = {
-    name                                      = "aws-for-fluent-bit"
+    name                       = "aws-for-fluent-bit"
-    chart                                     = "aws-for-fluent-bit"
+    chart                      = "aws-for-fluent-bit"
-    repository                                = "https://aws.github.io/eks-charts"
+    repository                 = "https://aws.github.io/eks-charts"
-    version                                   = "0.1.11"
+    version                    = "0.1.11"
-    namespace                                 = "kube-system"
+    namespace                  = "kube-system"
-    timeout                                   = "1200"
+    timeout                    = "1200"
-    create_namespace                          = true
+    create_namespace           = true
-    values                                    = local.default_helm_values
+    values                     = local.default_helm_values
-    set                                       = []
+    set                        = []
-    set_sensitive                             = null
+    set_sensitive              = null
-    lint                                      = true
+    lint                       = true
-    wait                                      = true
+    wait                       = true
-    wait_for_jobs                             = false
+    wait_for_jobs              = false
-    description                               = "aws-for-fluentbit Helm Chart deployment configuration"
+    description                = "aws-for-fluentbit Helm Chart deployment configuration"
-    verify                                    = false
+    verify                     = false
-    keyring                                   = ""
+    keyring                    = ""
-    repository_key_file                       = ""
+    repository_key_file        = ""
-    repository_cert_file                      = ""
+    repository_cert_file       = ""
-    repository_ca_file                        = ""
+    repository_ca_file         = ""
-    repository_username                       = ""
+    repository_username        = ""
-    repository_password                       = ""
+    repository_password        = ""
-    disable_webhooks                          = false
+    disable_webhooks           = false
-    reuse_values                              = false
+    reuse_values               = false
-    reset_values                              = false
+    reset_values               = false
-    force_update                              = false
+    force_update               = false
-    recreate_pods                             = false
+    recreate_pods              = false
-    cleanup_on_fail                           = false
+    cleanup_on_fail            = false
-    max_history                               = 0
+    max_history                = 0
-    atomic                                    = false
+    atomic                     = false
-    skip_crds                                 = false
+    skip_crds                  = false
-    render_subchart_notes                     = true
+    render_subchart_notes      = true
-    disable_openapi_validation                = false
+    disable_openapi_validation = false
-    dependency_update                         = false
+    dependency_update          = false
-    replace                                   = false
+    replace                    = false
-    postrender                                = ""
+    postrender                 = ""
  }
  aws_for_fluentbit_helm_app = merge(

--- a/kubernetes-addons/aws-for-fluentbit/outputs.tf
+++ b/kubernetes-addons/aws-for-fluentbit/outputs.tf
@@ -29,4 +29,4 @@ output "aws_fluent_bit_cw_log_group_arn" {
 output "argocd_gitops_config" {
  description = "Configuration used for managing the add-on with ArgoCD"
  value       = var.manage_via_gitops ? local.argocd_gitops_config : null
 }
\ No newline at end of file
--- a/kubernetes-addons/aws-for-fluentbit/values.yaml
+++ b/kubernetes-addons/aws-for-fluentbit/values.yaml
@@ -6,4 +6,4 @@ firehose:
  region: ${aws_region}
 kinesis:
  region: ${aws_region}
\ No newline at end of file
--- a/kubernetes-addons/aws-load-balancer-controller/main.tf
+++ b/kubernetes-addons/aws-load-balancer-controller/main.tf
@@ -350,4 +350,4 @@ resource "kubernetes_service_account" "aws_load_balancer_controller_sa" {
    annotations = { "eks.amazonaws.com/role-arn" : aws_iam_role.aws_load_balancer_controller_role.arn }
  }
  automount_service_account_token = true
 }
\ No newline at end of file
--- a/kubernetes-addons/aws-load-balancer-controller/values.yaml
+++ b/kubernetes-addons/aws-load-balancer-controller/values.yaml
@@ -2,4 +2,4 @@ clusterName: ${cluster_name}
 region: ${aws_region}
 serviceAccount:
  create: false
  name: ${service_account_name}
\ No newline at end of file
--- a/kubernetes-addons/cert-manager/locals.tf
+++ b/kubernetes-addons/cert-manager/locals.tf
@@ -38,7 +38,7 @@ locals {
    dependency_update          = false
    replace                    = false
    postrender                 = ""
    # Install a CA issuer with a helper chart
    # See ./cert-manager-ca/templates/ca.yaml
    install_default_ca = var.manage_via_gitops ? false : true