add app-autoscaler to scf #1594
Conversation
There was a problem hiding this comment.
Some minor changes.
How would we best test this? It might be worthwhile resurrecting the old autoscaler test we had, but it's also quite probable that things have changed so much it would make more sense to just write a new one and put it somewhere. In general, though, getting the computer to test things for us means we don't have to think about it ever again 😀
| protocol: TCP | ||
| external: 5432 | ||
| internal: 5432 | ||
| public: true |
There was a problem hiding this comment.
Does this need to be public? I'd think only things internal to the cluster need to connect to postgres (and not random things on the internet).
| release_name: postgres | ||
| processes: | ||
| - name: postgres | ||
| tags: [headless] |
There was a problem hiding this comment.
This being headless is… unexpected, but okay. I'd have thought clients would need a fixed hostname to use to connect to the database.
There was a problem hiding this comment.
Ah, you use the -set hostname to connect to it (and rely on that round-robin DNS). Okay. Have you tried it with multiple replicas of this?
| public: true | ||
| healthcheck: | ||
| readiness: | ||
| - name: asapi |
There was a problem hiding this comment.
It might be clearer to call this scaler-api or something along those lines? Similar comments apply to all the other roles.
| @@ -1534,6 +1534,176 @@ roles: | |||
| memory: 256 | |||
| virtual-cpus: 1 | |||
| exposed-ports: [] | |||
|
|
|||
| # cf app-autoscaler | |||
| - name: autoscalerpostgres | |||
There was a problem hiding this comment.
The name is a little unreadable, but at least still unambiguous… a dash might make it better, assuming it works: autoscaler-postgres.
| max: 3 | ||
| ha: 2 | ||
| capabilities: [] | ||
| persistent-volumes: |
There was a problem hiding this comment.
Consider using the new format:
volumes:
- path: /var/vcap/store
type: persistent
tag: postgres-data
size: 100|
|
||
| configuration: | ||
| templates: | ||
| properties.route_registrar.routes: '[{"name":"autoscalerapiserver", "port":((AUTOSCALER_API_SERVER_PUBLIC_PORT)), "tags":{"component":"autoscalerapiserver"}, "uris":["autoscaler.((DOMAIN))"], "registration_interval":"10s"},{"name":"autoscalerservicebroker", "port":((AUTOSCALER_SERVICE_BROKER_PUBLIC_PORT)), "tags":{"component":"autoscalerservicebroker"}, "uris":["autoscalerservicebroker.((DOMAIN))"], "registration_interval":"10s"}]' |
There was a problem hiding this comment.
This may be easier to read when written in the folded style, but it'll be harder to move around. Up to you.
| default: 0 | ||
| description: "" | ||
| - name: AUTOSCALER_API_SERVER_HOST | ||
| default: "asapi" |
There was a problem hiding this comment.
I don't think this should actually be user-configurable (since the role name is hard coded in the role manifest), right? Similarly for a bunch of other host names.
| @@ -2574,8 +3275,57 @@ configuration: | |||
| properties.acceptance_tests_brain.domain: '"((DOMAIN))"' | |||
| properties.acceptance_tests_brain.password: '"((CLUSTER_ADMIN_PASSWORD))"' | |||
| properties.acceptance_tests_brain.tcp_domain: '"((TCP_DOMAIN))"' | |||
| properties.api_server.ca_cert: '"((INTERNAL_CA_CERT))"' | |||
There was a problem hiding this comment.
Seeing as the property name is a bit generic (what api_server?), it might make more sense to put it in the asapi role?
| @@ -2661,8 +3411,15 @@ configuration: | |||
| properties.cf-usb.mysql_address: 'mysql-proxy.((KUBERNETES_NAMESPACE)).svc.((KUBERNETES_CLUSTER_DOMAIN))' | |||
| properties.cf-usb.mysql_password: "((MYSQL_CF_USB_PASSWORD))" | |||
| properties.cf.admin_password: '"((CLUSTER_ADMIN_PASSWORD))"' | |||
| properties.cf.api: '"((AUTOSCALER_CF_SCHEME))://((AUTOSCALER_CF_HOSTNAME)).((DOMAIN)):((AUTOSCALER_CF_PORT))"' | |||
There was a problem hiding this comment.
These things that aren't shared across the rest of the deployment should go in role-specific configuration as well. Maybe even use YAML magic to merge them if they're used across multiple roles (that are all autoscaler).
| memory: 256 | ||
| virtual-cpus: 2 | ||
| exposed-ports: | ||
| - name: apiport #apiserverport |
There was a problem hiding this comment.
Calling this api-port might be clearer. Or possibly drop the -port suffix, if the port name becomes too long: api-server.
|
@mook-as Thank you for you comments. We will update the PR later. |
|
@mook-as updated the pr. |
| description: "" | ||
| - name: AUTOSCALER_SERVICE_BROKER_PASSWORD | ||
| default: "password" | ||
| description: "" |
There was a problem hiding this comment.
This should be using a password generator
| properties.autoscaler.api_server.service_broker.ca_cert: '"((INTERNAL_CA_CERT))"' | ||
| properties.autoscaler.api_server.service_broker.client_cert: '"((AUTOSCALER_ASAPI_CLIENT_CERT))"' | ||
| properties.autoscaler.api_server.service_broker.client_key: '"((AUTOSCALER_ASAPI_CLIENT_KEY))"' | ||
| properties.autoscaler.api_server.service_broker.host: '"autoscaler-api.((KUBERNETES_NAMESPACE)).svc.((KUBERNETES_CLUSTER_DOMAIN))"' |
There was a problem hiding this comment.
I believe nothing actually registers the broker to CF, right? Shouldn't it?
There was a problem hiding this comment.
@mook-as The service broker should be registered to CF as below:
cf create-service-broker autoscaler
There was a problem hiding this comment.
I actually needed cf create-service-broker autoscaler p('autoscaler.service_broker.username') p('autoscaler.service_broker.password') http://<%= p('autoscaler.service_broker.api_server.host') %>:<%= p('autoscaler.service_broker.api_server.port') %>, but yes.
I'm trying to get some tests in so that we don't accidentally break things; is there a smoke test for the autoscaler available? I got the acceptance tests integrated into SCF (will PR soon), but that took an hour on my machine. I'm looking for something more like one minute or less.
|
@mook-as |
|
Hi! Thanks for the changes. I made a PR into your branch to implement a smoke test of sorts, to ensure that we don't accidentally break the autoscaler in the future. Three minutes was a bit longer than what I was looking for, but it looks like the default configuration doesn't let me lower it more. Hopefully that shows you the sort of thing I'm looking for :) Note that we might, in the future, end up defaulting the autoscaler to be opt-in (as in, zero instances of the relevant pods by default); that depends on how the vagrant boxes respond to having more things running on them — they're already a bit sluggish running CATS. But that will happen in a subsequent PR. |
|
@mook-as Actually we should not use "autoscaler.service_broker.api_server.host" because it is the autoscaler apiserver host. But as apiserver and servicebroker are deployed in the same pod, it is ok. And for acceptance test, to run all the tests parallel it will take 20-40 minutes, and if serially, it will take more time. 1. service binding&unbinding As you mentioned, you want a test only takes a short time, I think you could just test the binding&unbinding. |
|
@qibobo Thanks for the feedback! I'll update qibobo/scf#1 with your comments. |
* scf-release: Add smoke tests for autoscaler This takes about 3 minutes to run. * Jenkinsfile: Run autoscaler smoke test by default * Role manifest: update autoscaler-smoke - Use external API server for autoscaler - Drop unused environment script - Drop limits on role (see #1618 for details) * autoscaler: update smoke tests for review feedback - Call the property …service_broker_endpoint instead of …api - Update example to the correct value
No description provided.