Merge branch 'main' into spiritzhou/cesta

README.md

@@ -21,7 +21,7 @@ $ helm repo add kedacore https://kedacore.github.io/charts
 $ helm search repo kedacore
 NAME                                            CHART VERSION   APP VERSION     DESCRIPTION
 kedacore/external-scaler-azure-cosmos-db        0.1.0           0.1.0           Event-based autoscaler for Azure Cosmos DB chan...
-kedacore/keda                                   2.15.1          2.15.1          Event-based autoscaler for workloads on Kubernetes
+kedacore/keda                                   2.15.2          2.15.1          Event-based autoscaler for workloads on Kubernetes
 kedacore/keda-add-ons-http                      0.8.0           0.8.0           Event-based autoscaler for HTTP workloads on Ku...
 ```
 

http-add-on/README.md

@@ -133,7 +133,7 @@ their default values.
 | `scaler.nodeSelector` | object | `{}` | Node selector for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)) |
 | `scaler.pendingRequestsInterceptor` | int | `200` | The number of "target requests" that the external scaler will report to KEDA for the interceptor's scaling metrics. See the [KEDA external scaler documentation](https://keda.sh/docs/2.4/concepts/external-scalers/) for details on target requests. |
 | `scaler.pullPolicy` | string | `"Always"` | The image pull policy for the scaler component |
-| `scaler.replicas` | int | `3` | Number of replicas  |
+| `scaler.replicas` | int | `3` | Number of replicas |
 | `scaler.resources.limits.cpu` | float | `0.5` |  |
 | `scaler.resources.limits.memory` | string | `"64Mi"` |  |
 | `scaler.resources.requests.cpu` | string | `"250m"` |  |
@@ -157,6 +157,9 @@ their default values.
 | `interceptor.keepAlive` | string | `"1s"` | The interceptor's connection keep alive timeout |
 | `interceptor.maxIdleConns` | int | `100` | The maximum number of idle connections allowed in the interceptor's in-memory connection pool. Set to 0 to indicate no limit |
 | `interceptor.nodeSelector` | object | `{}` | Node selector for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)) |
+| `interceptor.pdb.enabled` | bool | `true` | Whether to install the `PodDisruptionBudget` for the interceptor |
+| `interceptor.pdb.maxUnavailable` | int | `1` | The maximum number of replicas that can be unavailable for the interceptor |
+| `interceptor.pdb.minAvailable` | int | `0` | The minimum number of replicas that should be available for the interceptor |
 | `interceptor.proxy.port` | int | `8080` | The port on which the interceptor's proxy service will listen for live HTTP traffic |
 | `interceptor.proxy.service` | string | `"interceptor-proxy"` | The name of the Kubernetes `Service` for the interceptor's proxy service. This is the service that accepts live HTTP traffic. |
 | `interceptor.pullPolicy` | string | `"Always"` | The image pull policy for the interceptor component |
@@ -175,6 +178,7 @@ their default values.
 | `interceptor.tls.port` | int | `8443` | Port that the interceptor proxy TLS server should be started on |
 | `interceptor.tlsHandshakeTimeout` | string | `"10s"` | The maximum amount of time the interceptor will wait for a TLS handshake. Set to zero to indicate no timeout. |
 | `interceptor.tolerations` | list | `[]` | Tolerations for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)) |
+| `interceptor.topologySpreadConstraints` | list | `[]` | Topology spread constraints ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/)) |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to
 `helm install`. For example:

http-add-on/templates/crd.yaml

@@ -93,8 +93,9 @@ spec:
                     type: integer
                 type: object
               scaleTargetRef:
-                description: The name of the deployment to route HTTP requests to
-                  (and to autoscale).
+                description: |-
+                  The name of the deployment to route HTTP requests to (and to autoscale).
+                  Including validation as a requirement to define either the PortName or the Port
                 properties:
                   apiVersion:
                     type: string
@@ -110,13 +111,18 @@ spec:
                     description: The port to route to
                     format: int32
                     type: integer
+                  portName:
+                    description: The port to route to referenced by name
+                    type: string
                   service:
                     description: The name of the service to route to
                     type: string
                 required:
-                - port
                 - service
                 type: object
+                x-kubernetes-validations:
+                - message: must define either the 'portName' or the 'port'
+                  rule: has(self.portName) != has(self.port)
               scaledownPeriod:
                 description: (optional) Cooldown period value
                 format: int32
@@ -152,7 +158,7 @@ spec:
                     type: object
                 type: object
               targetPendingRequests:
-                description: (optional) DEPRECATED (use SscalingMetric instead) Target
+                description: (optional) DEPRECATED (use ScalingMetric instead) Target
                   metric value
                 format: int32
                 type: integer
@@ -210,4 +216,3 @@ spec:
     subresources:
       status: {}
 {{ end }}
-

http-add-on/templates/interceptor/deployment.yaml

@@ -122,3 +122,7 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.interceptor.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

http-add-on/templates/interceptor/rbac.yml

@@ -13,6 +13,14 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - http.keda.sh
   resources:

http-add-on/values.yaml

@@ -170,6 +170,8 @@ interceptor:
   tolerations: []
   # -- Affinity for pod scheduling ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/))
   affinity: {}
+  # -- Topology spread constraints ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/))
+  topologySpreadConstraints: []
   # interceptor pod resource limits
   resources:
     # -- The CPU/memory resource limit for the operator component

keda/Chart.yaml

@@ -8,7 +8,7 @@ kubeVersion: ">=v1.23.0-0"
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 2.15.1
+version: 2.15.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
@@ -21,7 +21,7 @@ sources:
 maintainers:
   - name: Jorge Turrado
     email: [email protected]
-  - name: Tom Kerkhove
-    email: [email protected]
   - name: Zbynek Roubalik
     email: [email protected]
+  - name: Jan Wozniak
+    email: [email protected]

keda/README.md

@@ -109,6 +109,7 @@ their default values.
 | `podSecurityContext` | object | [See below](#KEDA-is-secure-by-default) | [Pod security context] for all pods |
 | `priorityClassName` | string | `""` | priorityClassName for all KEDA components |
 | `rbac.aggregateToDefaultRoles` | bool | `false` | Specifies whether RBAC for CRDs should be [aggregated](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) to default roles (view, edit, admin) |
+| `rbac.controlPlaneServiceAccountsNamespace` | string | `"kube-system"` | Customize the namespace of k8s metrics-server deployment This could also be achieved by the Kubernetes control plane manager flag --use-service-account-credentials: [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) |
 | `rbac.create` | bool | `true` | Specifies whether RBAC should be used |
 | `rbac.enabledCustomScaledRefKinds` | bool | `true` | Whether RBAC for configured CRDs that can have a `scale` subresource should be created |
 | `rbac.scaledRefKinds` | list | `[{"apiGroup":"*","kind":"*"}]` | List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`. The feature needs to be also enabled by `enabledCustomScaledRefKinds`. If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created note: Deployments and StatefulSets are supported out of the box |

keda/templates/manager/minimal-rbac.yaml

@@ -35,6 +35,7 @@ rules:
   - create
   - update
 {{- if .Values.permissions.operator.restrict.secret }}
+  - get
   - list
   - watch
 {{- end }}

keda/templates/metrics-server/clusterrolebinding.yaml

@@ -31,7 +31,7 @@ metadata:
     app.kubernetes.io/name: {{ .Values.operator.name }}-auth-reader
     {{- include "keda.labels" . | indent 4 }}
   name: {{ .Values.operator.name }}-auth-reader
-  namespace: kube-system
+  namespace: {{ .Values.rbac.controlPlaneServiceAccountsNamespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -59,5 +59,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: horizontal-pod-autoscaler
-  namespace: kube-system
+  namespace: {{ .Values.rbac.controlPlaneServiceAccountsNamespace }}
 {{- end -}}

keda/templates/metrics-server/service.yaml

@@ -32,6 +32,7 @@ spec:
     port: {{ .Values.service.portHttps }}
     targetPort: {{ .Values.service.portHttpsTarget }}
     protocol: TCP
+    appProtocol: https
   - name: {{ .Values.prometheus.metricServer.portName }}
     port: {{ .Values.prometheus.metricServer.port }}
     targetPort: {{ .Values.prometheus.metricServer.port }}

keda/templates/webhooks/service.yaml

@@ -31,6 +31,7 @@ spec:
     port: 443
     protocol: TCP
     targetPort: {{ .Values.webhooks.port | default 9443 }}
+    appProtocol: https
   {{- if .Values.prometheus.webhooks.enabled }}
   - name: {{ .Values.prometheus.webhooks.serviceMonitor.port }}
     port: {{ .Values.prometheus.webhooks.port }}

keda/values.yaml

@@ -276,6 +276,10 @@ rbac:
 
   # -- Whether RBAC for configured CRDs that can have a `scale` subresource should be created
   enabledCustomScaledRefKinds: true
+  # -- Customize the namespace of k8s metrics-server deployment
+  # This could also be achieved by the Kubernetes control plane manager flag --use-service-account-credentials:
+  # [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/)
+  controlPlaneServiceAccountsNamespace: kube-system
   # -- List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`.
   # The feature needs to be also enabled by `enabledCustomScaledRefKinds`.
   # If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created