diff --git a/stacks/platform/main.tf b/stacks/platform/main.tf
index 2862be4b..9867649a 100644
--- a/stacks/platform/main.tf
+++ b/stacks/platform/main.tf
@@ -9,7 +9,7 @@
 # Services included:
 # metallb, dbaas, cloudflared, infra-maintenance,
 # redis, traefik, technitium, headscale, authentik, rbac, k8s-portal,
-# crowdsec, monitoring, vaultwarden, reverse-proxy, metrics-server,
+# crowdsec, monitoring, vaultwarden, reverse-proxy, metrics-server, vpa,
 # nvidia, kyverno, uptime-kuma, wireguard, xray, mailserver
 # =============================================================================
 
@@ -290,6 +290,15 @@ module "metrics-server" {
 tls_secret_name = var.tls_secret_name
 }
 
+# -----------------------------------------------------------------------------
+# VPA + Goldilocks — Vertical Pod Autoscaler & resource dashboard
+# -----------------------------------------------------------------------------
+module "vpa" {
+ source = "./modules/vpa"
+ tls_secret_name = var.tls_secret_name
+ tier = local.tiers.cluster
+}
+
 # -----------------------------------------------------------------------------
 # NVIDIA — GPU device plugin
 # -----------------------------------------------------------------------------
diff --git a/stacks/platform/modules/vpa/main.tf b/stacks/platform/modules/vpa/main.tf
new file mode 100644
index 00000000..f433f9ec
--- /dev/null
+++ b/stacks/platform/modules/vpa/main.tf
@@ -0,0 +1,86 @@
+variable "tls_secret_name" { type = string }
+variable "tier" { type = string }
+
+resource "kubernetes_namespace" "vpa" {
+ metadata {
+ name = "vpa"
+ labels = {
+ tier = var.tier
+ }
+ }
+}
+
+module "tls_secret" {
+ source = "../../../../modules/kubernetes/setup_tls_secret"
+ namespace = kubernetes_namespace.vpa.metadata[0].name
+ tls_secret_name = var.tls_secret_name
+}
+
+# -----------------------------------------------------------------------------
+# VPA — Vertical Pod Autoscaler (Fairwinds Helm chart)
+# -----------------------------------------------------------------------------
+resource "helm_release" "vpa" {
+ namespace = kubernetes_namespace.vpa.metadata[0].name
+ create_namespace = false
+ name = "vpa"
+ atomic = true
+
+ repository = "https://charts.fairwinds.com/stable"
+ chart = "vpa"
+
+ values = [yamlencode({
+ recommender = {
+ enabled = true
+ }
+ updater = {
+ enabled = true
+ }
+ admissionController = {
+ enabled = true
+ }
+ })]
+}
+
+# -----------------------------------------------------------------------------
+# Goldilocks — VPA dashboard (Fairwinds Helm chart)
+# -----------------------------------------------------------------------------
+resource "helm_release" "goldilocks" {
+ namespace = kubernetes_namespace.vpa.metadata[0].name
+ create_namespace = false
+ name = "goldilocks"
+ atomic = true
+
+ repository = "https://charts.fairwinds.com/stable"
+ chart = "goldilocks"
+
+ values = [yamlencode({
+ controller = {
+ flags = {
+ on-by-default = "true"
+ }
+ }
+ dashboard = {
+ replicaCount = 1
+ flags = {
+ on-by-default = "true"
+ }
+ }
+ })]
+
+ depends_on = [helm_release.vpa]
+}
+
+# -----------------------------------------------------------------------------
+# Ingress — Goldilocks dashboard at goldilocks.viktorbarzin.me
+# -----------------------------------------------------------------------------
+module "ingress" {
+ source = "../../../../modules/kubernetes/ingress_factory"
+ namespace = kubernetes_namespace.vpa.metadata[0].name
+ name = "goldilocks"
+ service_name = "goldilocks-dashboard"
+ port = 80
+ tls_secret_name = var.tls_secret_name
+ protected = true
+
+ depends_on = [helm_release.goldilocks]
+}
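Review bot: Neither `helm_release.vpa` nor `helm_release.goldilocks` sets a chart `version`, so each apply resolves whatever is newest in `https://charts.fairwinds.com/stable`; for the `vpa` release that means an unreviewed upgrade of a mutating admission webhook and of an updater that normally holds pod-eviction rights. Add `version = "<CHART_VERSION>"` to both releases (placeholder; use the chart versions that were actually reviewed). Goldilocks itself only needs the recommender, so unless automatic resizing is intended, `updater = { enabled = false }` and `admissionController = { enabled = false }` would keep the webhook and the eviction permissions out of the cluster. With `on-by-default = "true"` the dashboard covers workloads in every namespace, so confirm that `protected = true` in `ingress_factory` really puts authentication in front of it, since that module is not part of this diff.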