add app-autoscaler to scf #1594
Conversation
Some minor changes.
How would we best test this? It might be worthwhile resurrecting the old autoscaler test we had, but it's also quite probable that things have changed so much it would make more sense to just write a new one and put it somewhere. In general, though, getting the computer to test things for us means we don't have to think about it ever again 😀
```yaml
protocol: TCP
external: 5432
internal: 5432
public: true
```
Does this need to be public? I'd think only things internal to the cluster need to connect to postgres (and not random things on the internet).
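If only in-cluster clients need to reach it, the port could presumably stay private, something like this (a sketch; the port name is assumed, not taken from the actual manifest):

```yaml
# Hypothetical sketch: keep the postgres port cluster-internal.
- name: postgres
  protocol: TCP
  external: 5432
  internal: 5432
  public: false   # only reachable from inside the cluster, not the internet
```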
```yaml
release_name: postgres
processes:
- name: postgres
tags: [headless]
```
This being headless is… unexpected, but okay. I'd have thought clients would need a fixed hostname to use to connect to the database.
Ah, you use the `-set` hostname to connect to it (and rely on that round-robin DNS). Okay. Have you tried it with multiple replicas of this?
```yaml
public: true
healthcheck:
  readiness:
- name: asapi
```
It might be clearer to call this `scaler-api` or something along those lines? Similar comments apply to all the other roles.
```
@@ -1534,6 +1534,176 @@ roles:
  memory: 256
  virtual-cpus: 1
  exposed-ports: []

# cf app-autoscaler
- name: autoscalerpostgres
```
The name is a little unreadable, but at least still unambiguous… a dash might make it better, assuming it works: `autoscaler-postgres`.
```yaml
max: 3
ha: 2
capabilities: []
persistent-volumes:
```
Consider using the new format:

```yaml
volumes:
- path: /var/vcap/store
  type: persistent
  tag: postgres-data
  size: 100
```
```yaml
configuration:
  templates:
    properties.route_registrar.routes: '[{"name":"autoscalerapiserver", "port":((AUTOSCALER_API_SERVER_PUBLIC_PORT)), "tags":{"component":"autoscalerapiserver"}, "uris":["autoscaler.((DOMAIN))"], "registration_interval":"10s"},{"name":"autoscalerservicebroker", "port":((AUTOSCALER_SERVICE_BROKER_PUBLIC_PORT)), "tags":{"component":"autoscalerservicebroker"}, "uris":["autoscalerservicebroker.((DOMAIN))"], "registration_interval":"10s"}]'
```
This may be easier to read when written in the folded style, but it'll be harder to move around. Up to you.
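For reference, the same value rendered in folded style might look something like this (a sketch; not tested against the manifest loader, and the folded scalar will join lines with single spaces, which should be harmless inside the JSON string):

```yaml
properties.route_registrar.routes: >-
  [{"name":"autoscalerapiserver",
  "port":((AUTOSCALER_API_SERVER_PUBLIC_PORT)),
  "tags":{"component":"autoscalerapiserver"},
  "uris":["autoscaler.((DOMAIN))"],
  "registration_interval":"10s"},
  {"name":"autoscalerservicebroker",
  "port":((AUTOSCALER_SERVICE_BROKER_PUBLIC_PORT)),
  "tags":{"component":"autoscalerservicebroker"},
  "uris":["autoscalerservicebroker.((DOMAIN))"],
  "registration_interval":"10s"}]
```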
```yaml
default: 0
description: ""
- name: AUTOSCALER_API_SERVER_HOST
default: "asapi"
```
I don't think this should actually be user-configurable (since the role name is hard coded in the role manifest), right? Similarly for a bunch of other host names.
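In other words, instead of exposing a variable, the templates could reference the role's service name directly, in the same form the manifest already uses for other in-cluster hosts. A hypothetical sketch (the exact service name depends on what the role resolves to in the cluster):

```yaml
# Hypothetical sketch: hard-code the in-cluster host rather than
# making it user-configurable via AUTOSCALER_API_SERVER_HOST.
properties.autoscaler.api_server.host: '"asapi.((KUBERNETES_NAMESPACE)).svc.((KUBERNETES_CLUSTER_DOMAIN))"'
```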
```
@@ -2574,8 +3275,57 @@ configuration:
properties.acceptance_tests_brain.domain: '"((DOMAIN))"'
properties.acceptance_tests_brain.password: '"((CLUSTER_ADMIN_PASSWORD))"'
properties.acceptance_tests_brain.tcp_domain: '"((TCP_DOMAIN))"'
properties.api_server.ca_cert: '"((INTERNAL_CA_CERT))"'
```
Seeing as the property name is a bit generic (what `api_server`?), it might make more sense to put it in the `asapi` role?
```
@@ -2661,8 +3411,15 @@ configuration:
properties.cf-usb.mysql_address: 'mysql-proxy.((KUBERNETES_NAMESPACE)).svc.((KUBERNETES_CLUSTER_DOMAIN))'
properties.cf-usb.mysql_password: "((MYSQL_CF_USB_PASSWORD))"
properties.cf.admin_password: '"((CLUSTER_ADMIN_PASSWORD))"'
properties.cf.api: '"((AUTOSCALER_CF_SCHEME))://((AUTOSCALER_CF_HOSTNAME)).((DOMAIN)):((AUTOSCALER_CF_PORT))"'
```
These things that aren't shared across the rest of the deployment should go in role-specific configuration as well. Maybe even use YAML magic to merge them if they're used across multiple roles (that are all autoscaler).
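The "YAML magic" here would be anchors and merge keys; a hypothetical sketch (the anchor name and surrounding keys are illustrative, not from the actual manifest):

```yaml
# Hypothetical sketch: define the shared autoscaler-only properties once…
autoscaler-shared-templates: &autoscaler-shared-templates
  properties.cf.api: '"((AUTOSCALER_CF_SCHEME))://((AUTOSCALER_CF_HOSTNAME)).((DOMAIN)):((AUTOSCALER_CF_PORT))"'

# …then merge them into each autoscaler role's configuration.
- name: asapi
  configuration:
    templates:
      <<: *autoscaler-shared-templates
```

This assumes the manifest loader honors standard YAML merge keys; if not, the properties would have to be repeated per role.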
```yaml
memory: 256
virtual-cpus: 2
exposed-ports:
- name: apiport #apiserverport
```
Calling this `api-port` might be clearer. Or possibly drop the `-port` suffix if the port name becomes too long: `api-server`.
@mook-as Thank you for your comments. We will update the PR later.

@mook-as Updated the PR.
Thanks for the updates! There's still no indication of how I can test this to confirm that it works though. I'll try to see if I can hack something up…
```yaml
description: ""
- name: AUTOSCALER_SERVICE_BROKER_PASSWORD
default: "password"
description: ""
```
This should be using a password generator.
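As a sketch, assuming the manifest's variable schema supports marking a variable as a generated secret (as other SCF passwords appear to do; the exact field names may differ):

```yaml
# Hypothetical sketch: generate the broker password instead of
# defaulting it to the literal string "password".
- name: AUTOSCALER_SERVICE_BROKER_PASSWORD
  description: "Password for the autoscaler service broker."
  secret: true
  generator:
    type: Password
```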
```yaml
properties.autoscaler.api_server.service_broker.ca_cert: '"((INTERNAL_CA_CERT))"'
properties.autoscaler.api_server.service_broker.client_cert: '"((AUTOSCALER_ASAPI_CLIENT_CERT))"'
properties.autoscaler.api_server.service_broker.client_key: '"((AUTOSCALER_ASAPI_CLIENT_KEY))"'
properties.autoscaler.api_server.service_broker.host: '"autoscaler-api.((KUBERNETES_NAMESPACE)).svc.((KUBERNETES_CLUSTER_DOMAIN))"'
```
I believe nothing actually registers the broker to CF, right? Shouldn't it?
@mook-as The service broker should be registered to CF as below:

```
cf create-service-broker autoscaler
```
I actually needed `cf create-service-broker autoscaler p('autoscaler.service_broker.username') p('autoscaler.service_broker.password') http://<%= p('autoscaler.service_broker.api_server.host') %>:<%= p('autoscaler.service_broker.api_server.port') %>`, but yes.
I'm trying to get some tests in so that we don't accidentally break things; is there a smoke test for the autoscaler available? I got the acceptance tests integrated into SCF (will PR soon), but that took an hour on my machine. I'm looking for something more like one minute or less.
@mook-as
Hi! Thanks for the changes. I made a PR into your branch to implement a smoke test of sorts, to ensure that we don't accidentally break the autoscaler in the future. Three minutes was a bit longer than what I was looking for, but it looks like the default configuration doesn't let me lower it more. Hopefully that shows you the sort of thing I'm looking for :) Note that we might, in the future, end up defaulting the autoscaler to be opt-in (as in, zero instances of the relevant pods by default); that depends on how the vagrant boxes respond to having more things running on them, since they're already a bit sluggish running CATS. But that will happen in a subsequent PR.
@mook-as Actually we should not use `autoscaler.service_broker.api_server.host`, because it is the autoscaler apiserver host. But since apiserver and servicebroker are deployed in the same pod, it is OK. As for the acceptance tests: running all the tests in parallel takes 20-40 minutes, and running them serially takes even longer.

1. service binding & unbinding

As you mentioned, you want a test that only takes a short time, so I think you could just test binding & unbinding.
@qibobo Thanks for the feedback! I'll update qibobo/scf#1 with your comments. |
* scf-release: Add smoke tests for autoscaler

  This takes about 3 minutes to run.

* Jenkinsfile: Run autoscaler smoke test by default

* Role manifest: update autoscaler-smoke
  - Use external API server for autoscaler
  - Drop unused environment script
  - Drop limits on role (see #1618 for details)

* autoscaler: update smoke tests for review feedback
  - Call the property …service_broker_endpoint instead of …api
  - Update example to the correct value
No description provided.