Add HPA, PDB and Pod Affinity for both Operator and Connect components

charts/connect/templates/_helpers.tpl

@@ -106,6 +106,21 @@ Sets extra service annotations
   {{- end }}
 {{- end -}}
 
+{{/*
+Sets extra annotations
+*/}}
+{{- define "onepassword-connect.extraAnnotations" -}}
+  {{- with .annotations }}
+  annotations:
+    {{- $tp := typeOf . }}
+    {{- if eq $tp "string" }}
+      {{- tpl . . | nindent 4 }}
+    {{- else }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end -}}
+
 {{/*
 Sets environment variables when profiler is enabled
 */}}

charts/connect/templates/connect-deployment.yaml

@@ -33,13 +33,17 @@ spec:
       {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-{{- with .Values.connect.nodeSelector }}
+      {{- with .Values.connect.nodeSelector }}
       nodeSelector:
-{{ toYaml . | indent 8 }}
-{{- end }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- if .Values.connect.priorityClassName }}
       priorityClassName: {{ .Values.connect.priorityClassName }}
       {{- end }}
+      {{- with .Values.connect.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
       volumes:
         - name: {{ .Values.connect.dataVolume.name }}
           {{ .Values.connect.dataVolume.type }}: {{- toYaml .Values.connect.dataVolume.values | nindent 12 }}
@@ -52,7 +56,7 @@ spec:
             secretName: {{ .Values.connect.tls.secret }}
         {{- end }}
       tolerations:
-{{ toYaml .Values.connect.tolerations | indent 8 }}
+      {{- toYaml .Values.connect.tolerations | nindent 8 }}
       containers:
         - name: {{ .Values.connect.api.name }}
           image: {{ .Values.connect.api.imageRepository }}:{{ tpl .Values.connect.version . }}

charts/connect/templates/connect-hpa.yaml

@@ -0,0 +1,39 @@
+{{- if (and .Values.connect.create .Values.connect.hpa.enabled ) }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ .Values.connect.applicationName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/component: connect
+    {{- include "onepassword-connect.labels" . | nindent 4 }}
+{{- include "onepassword-connect.extraAnnotations" .Values.connect.hpa }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ .Values.connect.applicationName }}
+  minReplicas: {{ .Values.connect.hpa.minReplicas }}
+  maxReplicas: {{ .Values.connect.hpa.maxReplicas }}
+  metrics:
+    {{- with .Values.connect.hpa.avgMemoryUtilization }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+    {{- with .Values.connect.hpa.avgCpuUtilization }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+  {{- with .Values.connect.hpa.behavior }}
+  behavior:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/connect/templates/connect-pdb.yaml

@@ -0,0 +1,21 @@
+{{- if (and .Values.connect.create .Values.connect.pdb.enabled ) }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ .Values.connect.applicationName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/component: connect
+    {{- include "onepassword-connect.labels" . | nindent 4 }}
+{{- include "onepassword-connect.extraAnnotations" .Values.connect.pdb }}
+spec:
+  {{- with .Values.connect.pdb.maxUnavailable }}
+  maxUnavailable: {{ . }}
+  {{- else }}
+  minAvailable: {{ .Values.connect.pdb.minAvailable }}
+  {{- end }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: connect
+      {{- include "onepassword-connect.selectorLabels" . | nindent 6 }}
+{{- end }}

charts/connect/templates/operator-deployment.yaml

@@ -15,7 +15,7 @@ metadata:
   {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  replicas: 1
+  replicas: {{ .Values.operator.replicas }}
   selector:
     matchLabels:
       name: {{ .Values.connect.applicationName }}
@@ -32,15 +32,19 @@ spec:
       {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-{{- with .Values.operator.nodeSelector }}
+      {{- with .Values.operator.nodeSelector }}
       nodeSelector:
-{{ toYaml . | indent 8 }}
-{{- end }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- if .Values.operator.priorityClassName }}
       priorityClassName: {{ .Values.operator.priorityClassName }}
       {{- end }}
+      {{- with .Values.operator.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
       tolerations:
-{{ toYaml .Values.operator.tolerations | indent 8 }}
+      {{- toYaml .Values.operator.tolerations | nindent 8 }}
       serviceAccountName: {{ .Values.operator.serviceAccount.name }}
       containers:
         - name: {{ .Values.connect.applicationName }}

charts/connect/templates/operator-hpa.yaml

@@ -0,0 +1,39 @@
+{{- if (and .Values.operator.create .Values.operator.hpa.enabled ) }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ .Values.operator.applicationName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/component: operator
+    {{- include "onepassword-connect.labels" . | nindent 4 }}
+{{- include "onepassword-connect.extraAnnotations" .Values.operator.hpa }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ .Values.operator.applicationName }}
+  minReplicas: {{ .Values.operator.hpa.minReplicas }}
+  maxReplicas: {{ .Values.operator.hpa.maxReplicas }}
+  metrics:
+    {{- with .Values.operator.hpa.avgMemoryUtilization }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+    {{- with .Values.operator.hpa.avgCpuUtilization }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+  {{- with .Values.operator.hpa.behavior }}
+  behavior:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/connect/templates/operator-pdb.yaml

@@ -0,0 +1,21 @@
+{{- if (and .Values.operator.create .Values.operator.pdb.enabled ) }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ .Values.operator.applicationName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/component: operator
+    {{- include "onepassword-connect.labels" . | nindent 4 }}
+{{- include "onepassword-connect.extraAnnotations" .Values.operator.pdb }}
+spec:
+  {{- with .Values.operator.pdb.maxUnavailable }}
+  maxUnavailable: {{ . }}
+  {{- else }}
+  minAvailable: {{ .Values.operator.pdb.minAvailable }}
+  {{- end }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: operator
+      {{- include "onepassword-connect.selectorLabels" . | nindent 6 }}
+{{- end }}

charts/connect/values.yaml

@@ -98,6 +98,37 @@ connect:
   # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
   nodeSelector: {}
 
+  # Affinity rules for the Connect pod
+  affinity: {}
+
+  ## Horizontal Pod Autoscaling for the Connect pod
+  hpa:
+    # Enable Horizontal Pod Autoscaling for the Connect pod
+    enabled: false
+    # Additional annotations to be added to the HPA Connect
+    annotations: {}
+    # Minimum number of replicas for the Connect pod
+    minReplicas: 1
+    # Maximum number of replicas for the Connect pod
+    maxReplicas: 3
+    # Average Memory utilization percentage for the Connect pod
+    avgMemoryUtilization: 50
+    # Average CPU utilization percentage for the Connect pod
+    avgCpuUtilization: 50
+    # Defines the Autoscaling Behavior in up/down directions
+    behavior: {}
+
+  ## Pod Disruption Budget for the Connect pod
+  pdb:
+    # Enable Pod Disruption Budget for the Connect pod
+    enabled: false
+    # Additional annotations to be added to the PDB Connect
+    annotations: {}
+    # Number of pods that are unavailble after eviction as number or percentage (eg.: 50%)
+    maxUnavailable: 1
+    # Number of pods that are available after eviction as number or percentage (eg.: 50%)
+    minAvailable: 0
+
   # 1Password Connect API and Sync Service
   probes:
     # Denotes whether the 1Password Connect API readiness probe will operate
@@ -203,6 +234,9 @@ operator:
   # Denotes whether the 1Password Operator will be deployed
   create: false
 
+  # The number of replicas to run the 1Password Connect Operator deployment
+  replicas: 1
+
   # Denotes whether the 1Password Operator will automatically restart deployments based on associated updated secrets.
   autoRestart: false
 
@@ -225,6 +259,37 @@ operator:
   # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
   nodeSelector: {}
 
+  # Affinity rules for the Operator pod
+  affinity: {}
+
+  ## Horizontal Pod Autoscaling for the Operator pod
+  hpa:
+    # Enable Horizontal Pod Autoscaling for the Operator pod
+    enabled: false
+    # Additional annotations to be added to the HPA Operator
+    annotations: {}
+    # Minimum number of replicas for the Operator pod
+    minReplicas: 1
+    # Maximum number of replicas for the Operator pod
+    maxReplicas: 3
+    # Average Memory utilization percentage for the Operator pod
+    avgMemoryUtilization: 50
+    # Average CPU utilization percentage for the Operator pod
+    avgCpuUtilization: 50
+    # Defines the Autoscaling Behavior in up/down directions
+    behavior: {}
+
+  ## Pod Disruption Budget for the Operator pod
+  pdb:
+    # Enable Pod Disruption Budget for the Operator pod
+    enabled: false
+    # Additional annotations to be added to the PDB Operator
+    annotations: {}
+    # Number of pods that are unavailble after eviction as number or percentage (eg.: 50%)
+    maxUnavailable: 1
+    # Number of pods that are available after eviction as number or percentage (eg.: 50%)
+    minAvailable: 0
+
   # Additional annotations to be added to the Operator pods.
   annotations: {}