added permissions for automatic right sizing with opt-out option (#109)

* added permissions for automatic right sizing with opt-out option * bump chart version * update docs
spotinst · Mar 17, 2024 · 3ccbb65 · 3ccbb65
1 parent f4224d5
commit 3ccbb65
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 2 deletions.
diff --git a/charts/ocean-kubernetes-controller/Chart.yaml b/charts/ocean-kubernetes-controller/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: ocean-kubernetes-controller
 description: A Helm chart for Ocean Kubernetes Controller
 type: application
-version: 0.1.29
+version: 0.1.30
 appVersion: 2.0.50
 kubeVersion: ">=1.20.0-0"
 maintainers:

diff --git a/charts/ocean-kubernetes-controller/README.md b/charts/ocean-kubernetes-controller/README.md
@@ -1,6 +1,6 @@
 # ocean-kubernetes-controller
 
-![Version: 0.1.29](https://img.shields.io/badge/Version-0.1.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.50](https://img.shields.io/badge/AppVersion-2.0.50-informational?style=flat-square)
+![Version: 0.1.30](https://img.shields.io/badge/Version-0.1.30-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.50](https://img.shields.io/badge/AppVersion-2.0.50-informational?style=flat-square)
 
 A Helm chart for Ocean Kubernetes Controller.
 
@@ -135,6 +135,7 @@ Kubernetes: `>=1.20.0-0`
 | spotinst.baseUrl | string | `""` | Base URL. (Optional) |
 | spotinst.clusterIdentifier | string | `""` | Unique identifier used by the Ocean Controller to connect (Required) between the Ocean backend and the Kubernetes cluster. Ref: https://docs.spot.io/ocean/tutorials/spot-kubernetes-controller/ |
 | spotinst.disableAutoUpdate | bool | `false` | Disable auto update. (Optional) |
+| spotinst.disableAutomaticRightSizing | bool | `false` | Disable automatic RightSizing. (Optional) |
 | spotinst.enableCsrApproval | bool | `false` | Enable CSR approval. (Optional) |
 | spotinst.proxyUrl | string | `""` | Proxy URL. (Optional) |
 | spotinst.token | string | `""` | Spot Token. (Required) Ref: https://docs.spot.io/administration/api/create-api-token |

diff --git a/charts/ocean-kubernetes-controller/templates/clusterrole.yaml b/charts/ocean-kubernetes-controller/templates/clusterrole.yaml
@@ -29,6 +29,9 @@ rules:
 - apiGroups: [ "autoscaling" ]
   resources: [ "horizontalpodautoscalers" ]
   verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "autoscaling.k8s.io" ]
+  resources: [ "verticalpodautoscalers" ]
+  verbs: [ "get", "list", "watch" ]
 - apiGroups: [ "apiextensions.k8s.io" ]
   resources: [ "customresourcedefinitions" ]
   verbs: [ "get", "list", "watch" ]
@@ -55,6 +58,7 @@ rules:
 - apiGroups: [""]
   resources: ["nodes"]
   verbs: ["delete"]
+{{- if .Values.spotinst.enableCsrApproval }}
 # ---------------------------------------------------------------------------
 # feature: ocean/csr-approval
 # ---------------------------------------------------------------------------
@@ -68,6 +72,8 @@ rules:
   resources: ["signers"]
   resourceNames: ["kubernetes.io/kubelet-serving", "kubernetes.io/kube-apiserver-client-kubelet"]
   verbs: ["approve"]
+{{- end }}
+{{- if not .Values.spotinst.disableAutoUpdate }}
 # ---------------------------------------------------------------------------
 # feature: ocean/auto-update
 # ---------------------------------------------------------------------------
@@ -79,6 +85,7 @@ rules:
   resources: ["deployments"]
   resourceNames: ["spotinst-kubernetes-cluster-controller"]
   verbs: ["patch", "update"]
+{{- end }}
 # ---------------------------------------------------------------------------
 # feature: ocean/apply
 # ---------------------------------------------------------------------------
@@ -103,6 +110,14 @@ rules:
 - apiGroups: ["bigdata.spot.io"]
   resources: ["bigdataenvironments"]
   verbs: ["get", "list", "watch", "patch", "update", "create", "delete"]
+{{- if not .Values.spotinst.disableAutomaticRightSizing }}
+# ---------------------------------------------------------------------------
+# feature: automatic right-sizing
+# ---------------------------------------------------------------------------
+- apiGroups: ["autoscaling.k8s.io"]
+  resources: ["verticalpodautoscalers", "verticalpodautoscalers/status"]
+  verbs: ["get", "list", "watch", "patch", "update", "create", "delete"]
+{{- end }}
 # ---------------------------------------------------------------------------
 # feature: controller/leader-election (high-availability)
 # ---------------------------------------------------------------------------

diff --git a/charts/ocean-kubernetes-controller/values.yaml b/charts/ocean-kubernetes-controller/values.yaml
@@ -23,6 +23,8 @@ spotinst:
   disableAutoUpdate: false
   # -- Enable CSR approval. (Optional)
   enableCsrApproval: false
+  # -- Disable automatic RightSizing. (Optional)
+  disableAutomaticRightSizing: false
 
 # -- Configure the amount of replicas for the controller (Optional)
 replicas: 2