From e837a97cd438e4e40dae728fae76296b7a81cdaf Mon Sep 17 00:00:00 2001 From: Michael Burke Date: Tue, 9 Jul 2024 12:09:51 -0400 Subject: [PATCH] Updates --- .../nodes-cma-autoscaling-custom-install.adoc | 19 +++++++++++++++---- ...-nodes-cma-autoscaling-custom-install.adoc | 19 +++++++++++++++---- nodes/cma/nodes-cma-autoscaling-custom.adoc | 17 ++++++++++++++++- 3 files changed, 46 insertions(+), 9 deletions(-) diff --git a/modules/nodes-cma-autoscaling-custom-install.adoc b/modules/nodes-cma-autoscaling-custom-install.adoc index a7b7f47d15..9fbe69221d 100644 --- a/modules/nodes-cma-autoscaling-custom-install.adoc +++ b/modules/nodes-cma-autoscaling-custom-install.adoc @@ -31,6 +31,13 @@ $ oc delete crd scaledobjects.keda.k8s.io $ oc delete crd triggerauthentications.keda.k8s.io ---- +* Optional: If you need the Custom Metrics Autoscaler Operator to connect to off-cluster services, such as an external Kafka cluster or an external Prometheus service, put any required service CA certificates into a config map. The config map must exist in the same namespace where the Operator is installed. For example: ++ +[source,terminal] +---- +$ oc create configmap -n openshift-keda thanos-cert --from-file=ca-cert.pem +---- + .Procedure . In the {product-title} web console, click *Operators* -> *OperatorHub*. @@ -96,9 +103,12 @@ spec: operator: logLevel: info <2> logEncoder: console <3> + caConfigMaps: <4> + - thanos-cert + - kafka-cert metricsServer: - logLevel: '0' <4> - auditConfig: <5> + logLevel: '0' <5> + auditConfig: <6> logFormat: "json" logOutputVolumeClaim: "persistentVolumeClaimName" policy: 
@@ -115,7 +125,8 @@ spec: <1> Specifies a single namespace in which the Custom Metrics Autoscaler Operator should scale applications. Leave it blank or leave it empty to scale applications in all namespaces. This field should have a namespace or be empty. The default value is empty. <2> Specifies the level of verbosity for the Custom Metrics Autoscaler Operator log messages. The allowed values are `debug`, `info`, `error`. The default is `info`. <3> Specifies the logging format for the Custom Metrics Autoscaler Operator log messages. The allowed values are `console` or `json`. The default is `console`. -<4> Specifies the logging level for the Custom Metrics Autoscaler Metrics Server. The allowed values are `0` for `info` and `4` or `debug`. The default is `0`. -<5> Activates audit logging for the Custom Metrics Autoscaler Operator and specifies the audit policy to use, as described in the "Configuring audit logging" section. +<4> Optional: Specifies one or more config maps with CA certificates, which the Custom Metrics Autoscaler Operator can use to connect securely to TLS-enabled metrics sources. +<5> Specifies the logging level for the Custom Metrics Autoscaler Metrics Server. The allowed values are `0` for `info` and `4` or `debug`. The default is `0`. +<6> Activates audit logging for the Custom Metrics Autoscaler Operator and specifies the audit policy to use, as described in the "Configuring audit logging" section. .. Click *Create* to create the KEDA controller. diff --git a/modules/sd-nodes-cma-autoscaling-custom-install.adoc b/modules/sd-nodes-cma-autoscaling-custom-install.adoc index 33b4b9b880..6dca949396 100644 --- a/modules/sd-nodes-cma-autoscaling-custom-install.adoc +++ b/modules/sd-nodes-cma-autoscaling-custom-install.adoc 
@@ -34,6 +34,13 @@ $ oc delete crd triggerauthentications.keda.k8s.io * Ensure that the `keda` namespace exists. If not, you must manaully create the `keda` namespace. +* Optional: If you need the Custom Metrics Autoscaler Operator to connect to off-cluster services, such as an external Kafka cluster or an external Prometheus service, put any required service CA certificates into a config map. The config map must exist in the same namespace where the Operator is installed. For example: ++ +[source,terminal] +---- +$ oc create configmap -n openshift-keda thanos-cert --from-file=ca-cert.pem +---- + .Procedure . In the {product-title} web console, click *Operators* -> *OperatorHub*. @@ -110,9 +117,12 @@ spec: operator: logLevel: info <2> logEncoder: console <3> + caConfigMaps: <4> + - thanos-cert + - kafka-cert metricsServer: - logLevel: '0' <4> - auditConfig: <5> + logLevel: '0' <5> + auditConfig: <6> logFormat: "json" logOutputVolumeClaim: "persistentVolumeClaimName" policy: 
@@ -129,7 +139,8 @@ spec: <1> Specifies a single namespace in which the Custom Metrics Autoscaler Operator should scale applications. Leave it blank or leave it empty to scale applications in all namespaces. This field should have a namespace or be empty. The default value is empty. <2> Specifies the level of verbosity for the Custom Metrics Autoscaler Operator log messages. The allowed values are `debug`, `info`, `error`. The default is `info`. <3> Specifies the logging format for the Custom Metrics Autoscaler Operator log messages. The allowed values are `console` or `json`. The default is `console`. -<4> Specifies the logging level for the Custom Metrics Autoscaler Metrics Server. The allowed values are `0` for `info` and `4` or `debug`. The default is `0`. -<5> Activates audit logging for the Custom Metrics Autoscaler Operator and specifies the audit policy to use, as described in the "Configuring audit logging" section. +<4> Optional: Specifies one or more config maps with CA certificates, which the Custom Metrics Autoscaler Operator can use to connect securely to TLS-enabled metrics sources. +<5> Specifies the logging level for the Custom Metrics Autoscaler Metrics Server. The allowed values are `0` for `info` and `4` or `debug`. The default is `0`. +<6> Activates audit logging for the Custom Metrics Autoscaler Operator and specifies the audit policy to use, as described in the "Configuring audit logging" section. .. Click *Create* to create the KEDA controller. diff --git a/nodes/cma/nodes-cma-autoscaling-custom.adoc b/nodes/cma/nodes-cma-autoscaling-custom.adoc index b925aaed2d..ab82e503e7 100644 --- a/nodes/cma/nodes-cma-autoscaling-custom.adoc +++ b/nodes/cma/nodes-cma-autoscaling-custom.adoc 
@@ -8,7 +8,7 @@ toc::[] As a developer, you can use Custom Metrics Autoscaler Operator for Red Hat OpenShift to specify how {product-title} should automatically increase or decrease the number of pods for a deployment, stateful set, custom resource, or job based on custom metrics that are not based only on CPU or memory. -The Custom Metrics Autoscaler Operator is an optional operator, based on the Kubernetes Event Driven Autoscaler (KEDA), that allows workloads to be scaled using additional metrics sources other than pod metrics. +The Custom Metrics Autoscaler Operator is an optional Operator, based on the Kubernetes Event Driven Autoscaler (KEDA), that allows workloads to be scaled using additional metrics sources other than pod metrics. The custom metrics autoscaler currently supports only the Prometheus, CPU, memory, and Apache Kafka metrics. 
@@ -52,3 +52,18 @@ image::564_OpenShift_Custom_Metrics_Autoscaler_0224.png[Custom metrics autoscale 6. As a it operates, a workload can affect the scaling metrics. For example, if a workload is scaled up to handle work in a Kafka queue, the queue size decreases after the workload processes all the work. As a result, the workload is scaled down. 7. If the metrics are in a range specified by the `minReplicaCount` value, the custom metrics autoscaler controller disables all scaling, and leaves the replica count at a fixed level. If the metrics exceed that range, the custom metrics autoscaler controller enables scaling and allows the HPA to scale the workload. While scaling is disabled, the HPA does not take any action. + +[id="nodes-cma-autoscaling-custom-ca_{context}"] +== Custom CA certificates for the Custom Metrics Autoscaler + +By default, the Custom Metrics Autoscaler Operator uses automatically-generated service CA certificate to connect to on-cluster services. + +If you want to use off-cluster services that require custom CA certificates, you can add the required certificates to a config map. Then, add the config map to the `KedaController` custom resource as described in xref:../../nodes/cma/nodes-cma-autoscaling-custom-install.adoc#nodes-cma-autoscaling-custom-install[Installing the custom metrics autoscaler]. The Operator loads those certificates on start-up and registers them as trusted by the Operator. + +The config maps can contain one or more certificate files that contain one or more PEM-encoded CA certificates. Or, you can use separate config maps for each certificate file. + +[NOTE] +==== +If you later update the config map to add additional certificates, you must restart the `keda-operator-*` pod for the changes to take effect. +==== +
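Review bot: In modules/sd-nodes-cma-autoscaling-custom-install.adoc the added prerequisite creates the config map with `-n openshift-keda`, while the prerequisite directly above it tells the reader to ensure that the `keda` namespace exists. The new text also says the config map must be in the namespace where the Operator is installed, so confirm which namespace applies to this variant and make the example match it. In both install modules the example creates only `thanos-cert`, but the YAML further down lists `thanos-cert` and `kafka-cert` under `caConfigMaps`; either show a command for each or say that the names are illustrative. It would also help to state that the config map should hold only CA certificates and no private keys, because config maps are not intended for confidential data.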
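Review bot: Callout <4> for `caConfigMaps`, in both install modules, omits the constraints that this patch states elsewhere: that each listed config map must exist in the namespace where the Operator is installed, and that certificates are loaded at start-up. A reader who looks only at the YAML callouts will miss both. Suggest adding a short clause or an xref to the new "Custom CA certificates for the Custom Metrics Autoscaler" section. While callout <5> is being renumbered, the carried-over wording "`4` or `debug`" looks like it should read "`4` for `debug`" to parallel "`0` for `info`".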
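Review bot: The NOTE that closes the new section in nodes/cma/nodes-cma-autoscaling-custom.adoc covers only adding certificates to the config map. The section says the Operator loads the certificates on start-up, so a removed or replaced CA would presumably also stay in effect until the `keda-operator-*` pod restarts; please confirm and reword the note to cover any change to the config map, since a reader rotating or revoking a CA needs to know the old one is still trusted until then. Two wording points in the same section: "uses automatically-generated service CA certificate" is missing an article ("an automatically generated service CA certificate"), and "registers them as trusted by the Operator" repeats the subject of the sentence, so "and trusts them" would be enough.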