feat(keda): Support for dnsConfig parameter (#772)

Signed-off-by: Nitin Verma <nitin.verma@cint.com>

http-add-on/templates/interceptor/deployment.yaml

@@ -84,6 +84,10 @@ spec:
         - name: KEDA_HTTP_PROXY_TLS_PORT
           value: "{{ .Values.interceptor.tls.port }}"
         {{- end }}
+        {{- if .Values.profiling.interceptor.enabled }}
+        - name: PROFILING_BIND_ADDRESS
+          value: "127.0.0.1:{{ .Values.profiling.interceptor.port }}"
+        {{- end}}
         ports:
         - containerPort: {{ .Values.interceptor.admin.port }}
           name: admin
@@ -138,3 +142,6 @@ spec:
       topologySpreadConstraints:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.interceptor.priorityClassName }}
+      priorityClassName: {{ .Values.interceptor.priorityClassName }}
+      {{- end }}

http-add-on/templates/operator/deployment.yaml

@@ -64,6 +64,9 @@ spec:
         {{- if .Values.logging.operator.stackTracesEnabled }}
         - "--zap-stacktrace-level=error"
         {{- end }}
+        {{- if .Values.profiling.operator.enabled }}
+        - --profiling-bind-address=127.0.0.1:{{ .Values.profiling.operator.port }}
+        {{- end}}
         image: "{{ .Values.images.operator }}:{{ .Values.images.tag | default .Chart.AppVersion }}"
         imagePullPolicy: '{{ .Values.operator.pullPolicy | default "Always" }}'
         name: "{{ .Chart.Name }}-operator"
@@ -112,4 +115,7 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.operator.priorityClassName }}
+      priorityClassName: {{ .Values.operator.priorityClassName }}
+      {{- end }}
 {{- end }}

http-add-on/templates/scaler/deployment.yaml

@@ -64,6 +64,10 @@ spec:
           value: "{{ default 9091 .Values.interceptor.admin.port }}"
         - name: KEDA_HTTP_SCALER_STREAM_INTERVAL_MS
           value: "{{ .Values.scaler.streamInterval }}"
+        {{- if .Values.profiling.scaler.enabled }}
+        - name: PROFILING_BIND_ADDRESS
+          value: "127.0.0.1:{{ .Values.profiling.scaler.port }}"
+        {{- end}}
         resources:
           {{- toYaml .Values.scaler.resources | nindent 10 }}
         livenessProbe:
@@ -103,3 +107,6 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.scaler.priorityClassName }}
+      priorityClassName: {{ .Values.scaler.priorityClassName }}
+      {{- end }}

http-add-on/values.yaml

@@ -310,3 +310,22 @@ podSecurityContext:
     # runAsUser: 1000
     # runAsGroup: 1000
     # fsGroup: 1000
+
+## This setting lets you enable profiling for all of the components of KEDA http-add-on and on the specific port you choose
+## This can be useful when trying to investigate errors like memory leaks or CPU bottlenecks
+profiling:
+  operator:
+    # -- Enable profiling for KEDA http-add-on Operator
+    enabled: false
+    # -- Expose profiling on a specific port
+    port: 8085
+  interceptor:
+    # -- Enable profiling for KEDA http-add-on Interceptor
+    enabled: false
+    # -- Expose profiling on a specific port
+    port: 8086
+  scaler:
+    # -- Enable profiling for KEDA http-add-on Scaler
+    enabled: false
+    # -- Expose profiling on a specific port
+    port: 8087

keda/README.md

@@ -84,9 +84,11 @@ their default values.
 | `enableServiceLinks` | bool | `true` | Enable service links in pods. Although enabled, mirroring k8s default, it is highly recommended to disable, due to its legacy status [Legacy container links](https://docs.docker.com/engine/network/links/) |
 | `env` | list | `[]` | Additional environment variables that will be passed onto all KEDA components |
 | `extraObjects` | list | `[]` | Array of extra K8s manifests to deploy |
+| `global.dnsConfig` | object | `{}` | Dns configuration for keda pods |
 | `global.image.registry` | string | `nil` | Global image registry of KEDA components |
 | `grpcTLSCertsSecret` | string | `""` | Set this if you are using an external scaler and want to communicate over TLS (recommended). This variable holds the name of the secret that will be mounted to the /grpccerts path on the Pod |
 | `hashiCorpVaultTLS` | string | `""` | Set this if you are using HashiCorp Vault and want to communicate over TLS (recommended). This variable holds the name of the secret that will be mounted to the /vault path on the Pod |
+| `hostAliases` | list | `[]` | HostAliases for pod networking ([docs](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/)) |
 | `http.keepAlive.enabled` | bool | `true` | Enable HTTP connection keep alive |
 | `http.minTlsVersion` | string | `"TLS12"` | The minimum TLS version to use for all scalers that use raw HTTP clients (some scalers use SDKs to access target services. These have built-in HTTP clients, and this value does not necessarily apply to them) |
 | `http.timeout` | int | `3000` | The default HTTP timeout to use for all scalers that use raw HTTP clients (some scalers use SDKs to access target services. These have built-in HTTP clients, and the timeout does not necessarily apply to them) |
@@ -116,7 +118,6 @@ their default values.
 | `rbac.scaledRefKinds` | list | `[{"apiGroup":"*","kind":"*"}]` | List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`. The feature needs to be also enabled by `enabledCustomScaledRefKinds`. If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created note: Deployments and StatefulSets are supported out of the box |
 | `securityContext` | object | [See below](#KEDA-is-secure-by-default) | [Security context] for all containers |
 | `tolerations` | list | `[]` | Tolerations for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)) |
-| `hostAliases` | list | `[]` | HostAliases for pod networking ([docs](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/)) |
 | `watchNamespace` | string | `""` | Defines Kubernetes namespaces to watch to scale their workloads. Default watches all namespaces |
 
 ### Operator
@@ -171,6 +172,7 @@ their default values.
 | `logging.metricServer.stderrthreshold` | string | `"ERROR"` | Logging stderrthreshold for Metrics Server allowed values: 'DEBUG','INFO','WARN','ERROR','ALERT','EMERG' |
 | `metricsServer.affinity` | object | `{}` | [Affinity] for pod scheduling for Metrics API Server. Takes precedence over the `affinity` field |
 | `metricsServer.disableCompression` | bool | `true` | Disable response compression for k8s restAPI in client-go. Disabling compression simply means that turns off the process of making data smaller for K8s restAPI in client-go for faster transmission. |
+| `metricsServer.dnsConfig` | object | `{}` | [DNS config] for KEDA metrics server pod |
 | `metricsServer.dnsPolicy` | string | `"ClusterFirst"` | Defined the DNS policy for the metric server |
 | `metricsServer.livenessProbe` | object | `{"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Liveness probes for Metrics API Server ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)) |
 | `metricsServer.readinessProbe` | object | `{"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | Readiness probes for Metrics API Server ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes)) |

keda/templates/manager/deployment.yaml

@@ -243,6 +243,10 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.global.dnsConfig }}
+      dnsConfig:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.hostAliases }}
       hostAliases:
         {{- toYaml . | nindent 8 }}

keda/templates/metrics-server/deployment.yaml

@@ -183,7 +183,15 @@ spec:
       {{- if .Values.volumes.metricsApiServer.extraVolumes }}
       {{- toYaml .Values.volumes.metricsApiServer.extraVolumes | nindent 6 }}
       {{- end }}
+      {{- with .Values.global.dnsConfig }}
+      dnsConfig:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
       dnsPolicy: {{ .Values.metricsServer.dnsPolicy }}
+      {{- if .Values.metricsServer.dnsConfig }}
+      dnsConfig:
+        {{- toYaml .Values.metricsServer.dnsConfig | nindent 8 }}
+      {{- end }}
       hostNetwork: {{ .Values.metricsServer.useHostNetwork }}
       nodeSelector:
         kubernetes.io/os: linux

keda/templates/webhooks/deployment.yaml

@@ -175,4 +175,8 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.global.dnsConfig }}
+      dnsConfig:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
 {{- end }}

keda/values.yaml

@@ -6,6 +6,18 @@ global:
   image:
     # -- Global image registry of KEDA components
     registry: null
+  # -- Dns configuration for keda pods
+  dnsConfig: {}
+  # nameservers:
+  #   - 1.2.3.4
+  # searches:
+  #   - ns1.svc.cluster-domain.example
+  #   - my.dns.search.suffix
+  # options:
+  #   - name: ndots
+  #     value: "1"
+  #   - name: attempts
+  #     value: "3"
 
 image:
   keda:
@@ -134,6 +146,15 @@ metricsServer:
   # use ClusterFirstWithHostNet if `useHostNetwork: true` https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
   # -- Defined the DNS policy for the metric server
   dnsPolicy: ClusterFirst
+  # -- [DNS config] for KEDA metrics server pod
+  dnsConfig: {}
+    # nameservers:
+    #   - 8.8.8.8
+    # searches:
+    #   - metrics.example.com
+    # options:
+    #   - name: ndots
+    #     value: "3"
   # -- Enable metric server to use host network
   useHostNetwork: false
   # -- [Affinity] for pod scheduling for Metrics API Server. Takes precedence over the `affinity` field