diff --git a/docs/docs/100-reference/01-command-line/acorn_install.md b/docs/docs/100-reference/01-command-line/acorn_install.md index ce50ad05c..be398071e 100644 --- a/docs/docs/100-reference/01-command-line/acorn_install.md +++ b/docs/docs/100-reference/01-command-line/acorn_install.md 
@@ -19,61 +19,62 @@ acorn install ### Options ``` - --acorn-dns string enabled|disabled|auto. If enabled, containers created by Acorn will get public FQDNs. Auto functions as disabled if a custom clusterDomain has been supplied (default auto) - --acorn-dns-endpoint string The URL to access the Acorn DNS service - --allow-traffic-from-namespace strings Namespaces that are allowed to send network traffic to all Acorn apps - --allow-user-annotation strings Allow these annotations to propagate to dependent objects, no effect if --ignore-user-labels-and-annotations not true - --allow-user-label strings Allow these labels to propagate to dependent objects, no effect if --ignore-user-labels-and-annotations not true - --allow-user-metadata-namespace strings Allow these namespaces to propagate labels and annotations to dependent objects, no effect if --ignore-user-labels-and-annotations not true - --api-server-cpu string The CPU to allocate to the runtime-api-server in the format of : (example 200m:1000m) - --api-server-memory string The memory to allocate to the runtime-api-server in the format of : (example 256Mi:1Gi) - --api-server-pod-annotations stringArray annotations to apply to acorn-api pods - --api-server-replicas int acorn-api deployment replica count - --auto-upgrade-interval string For apps configured with automatic upgrades enabled, the interval at which to check for new versions. Upgrade intervals configured at the application level cannot be smaller than this. 
(default '5m' - 5 minutes) - --aws-identity-provider-arn string ARN of cluster's OpenID Connect provider registered in AWS - --builder-per-project Create a dedicated builder per project - --buildkitd-cpu string The CPU to allocate to buildkitd in the format of : (example 200m:1000m) - --buildkitd-memory string The memory to allocate to buildkitd in the format of : (example 256Mi:1Gi) - --buildkitd-service-cpu string The CPU to allocate to the buildkitd service in the format of : (example 200m:1000m) - --buildkitd-service-memory string The memory to allocate to the buildkitd service in the format of : (example 256Mi:1Gi) - --cert-manager-issuer string The name of the cert-manager cluster issuer to use for TLS certificates on custom domains - --cluster-domain strings The externally addressable cluster domain (default .oss-acorn.io) - --controller-cpu string The CPU to allocate to the runtime-controller in the format of : (example 200m:1000m) - --controller-memory string The memory to allocate to the runtime-controller in the format of : (example 256Mi:1Gi) - --controller-replicas int acorn-controller deployment replica count - --controller-service-account-annotation strings annotation to apply to the acorn-system service account - --event-ttl string Amount of time an Acorn event will be stored before being deleted (default '168h' - 7 days) - --features strings Enable or disable features. (example foo=true,bar=false) - -h, --help help for install - --http-endpoint-pattern string Go template for formatting application http endpoints. Valid variables to use are: App, Container, Namespace, Hash and ClusterDomain. 
(default pattern is {{hashConcat 8 .Container .App .Namespace | truncate}}.{{.ClusterDomain}}) - --ignore-user-labels-and-annotations Don't propagate user-defined labels and annotations to dependent objects - --image string Override the default image used for the deployment - --ingress-class-name string The ingress class name to assign to all created ingress resources (default '') - --ingress-controller-namespace string The namespace where the ingress controller runs - used to secure published HTTP ports with NetworkPolicies. - --internal-cluster-domain string The Kubernetes internal cluster domain (default svc.cluster.local) - --internal-registry-prefix string The image prefix to use when pushing internal images (example ghcr.io/my-org/) - --lets-encrypt string enabled|disabled|staging. If enabled, acorn generated endpoints will be secured using TLS certificate from Let's Encrypt. Staging uses Let's Encrypt's staging environment. (default disabled) - --lets-encrypt-email string Required if --lets-encrypt=enabled. The email address to use for Let's Encrypt registration(default '') - --lets-encrypt-tos-agree Required if --lets-encrypt=enabled. If true, you agree to the Let's Encrypt terms of service (default false) - --manage-volume-classes Manually manage volume classes rather than sync with storage classes, setting to 'true' will delete Acorn-created volume classes - --network-policies Create Kubernetes NetworkPolicies which block cross-project network traffic (default false) - -o, --output string Output manifests instead of applying them (json, yaml) - --pod-security-enforce-profile string The name of the PodSecurity profile to set (default baseline) - --profile string The name of the profile to use for the installation. Profiles options are production (prod) and default. 
(default profile is default) - --propagate-project-annotation strings The list of keys of annotations to propagate from acorn project to app namespaces - --propagate-project-label strings The list of keys of labels to propagate from acorn project to app namespaces - --publish-builders Publish the builders through ingress to so build traffic does not traverse the api-server - --quiet Only output errors encountered during installation - --record-builds Keep a record of each acorn build that happens - --registry-cpu string The CPU to allocate to the registry in the format of : (example 200m:1000m) - --registry-memory string The memory to allocate to the registry in the format of : (example 256Mi:1Gi) - --service-lb-annotation strings Annotation to add to the service of type LoadBalancer. Defaults to empty. (example key=value) - --set-pod-security-enforce-profile Set the PodSecurity profile on created namespaces (default true) - --skip-checks Bypass installation checks - --use-custom-ca-bundle Use CA bundle for admin supplied secret for all acorn control plane components. Defaults to false. - --volume-size-default string Set the default size for acorn volumes. Accepts storage suffixes (K, M, G, Ki, Mi, Gi, etc) and "." and "_" separators (default 0) - -m, --workload-memory-default string Set the default memory for acorn workloads. Accepts binary suffixes (Ki, Mi, Gi, etc) and "." and "_" separators (default 0) - --workload-memory-maximum string Set the maximum memory for acorn workloads. Accepts binary suffixes (Ki, Mi, Gi, etc) and "." and "_" separators (default 0) + --acorn-dns string enabled|disabled|auto. If enabled, containers created by Acorn will get public FQDNs. 
Auto functions as disabled if a custom clusterDomain has been supplied (default auto) + --acorn-dns-endpoint string The URL to access the Acorn DNS service + --allow-traffic-from-namespace strings Namespaces that are allowed to send network traffic to all Acorn apps + --allow-user-annotation strings Allow these annotations to propagate to dependent objects, no effect if --ignore-user-labels-and-annotations not true + --allow-user-label strings Allow these labels to propagate to dependent objects, no effect if --ignore-user-labels-and-annotations not true + --allow-user-metadata-namespace strings Allow these namespaces to propagate labels and annotations to dependent objects, no effect if --ignore-user-labels-and-annotations not true + --api-server-cpu string The CPU to allocate to the runtime-api-server in the format of : (example 200m:1000m) + --api-server-memory string The memory to allocate to the runtime-api-server in the format of : (example 256Mi:1Gi) + --api-server-pod-annotations stringArray annotations to apply to acorn-api pods + --api-server-replicas int acorn-api deployment replica count + --auto-configure-karpenter-dont-evict-annotations Automatically configure Karpenter to not evict pods with the given annotations if app is running a single replica. (default false) + --auto-upgrade-interval string For apps configured with automatic upgrades enabled, the interval at which to check for new versions. Upgrade intervals configured at the application level cannot be smaller than this. 
(default '5m' - 5 minutes) + --aws-identity-provider-arn string ARN of cluster's OpenID Connect provider registered in AWS + --builder-per-project Create a dedicated builder per project + --buildkitd-cpu string The CPU to allocate to buildkitd in the format of : (example 200m:1000m) + --buildkitd-memory string The memory to allocate to buildkitd in the format of : (example 256Mi:1Gi) + --buildkitd-service-cpu string The CPU to allocate to the buildkitd service in the format of : (example 200m:1000m) + --buildkitd-service-memory string The memory to allocate to the buildkitd service in the format of : (example 256Mi:1Gi) + --cert-manager-issuer string The name of the cert-manager cluster issuer to use for TLS certificates on custom domains + --cluster-domain strings The externally addressable cluster domain (default .oss-acorn.io) + --controller-cpu string The CPU to allocate to the runtime-controller in the format of : (example 200m:1000m) + --controller-memory string The memory to allocate to the runtime-controller in the format of : (example 256Mi:1Gi) + --controller-replicas int acorn-controller deployment replica count + --controller-service-account-annotation strings annotation to apply to the acorn-system service account + --event-ttl string Amount of time an Acorn event will be stored before being deleted (default '168h' - 7 days) + --features strings Enable or disable features. (example foo=true,bar=false) + -h, --help help for install + --http-endpoint-pattern string Go template for formatting application http endpoints. Valid variables to use are: App, Container, Namespace, Hash and ClusterDomain. 
(default pattern is {{hashConcat 8 .Container .App .Namespace | truncate}}.{{.ClusterDomain}}) + --ignore-user-labels-and-annotations Don't propagate user-defined labels and annotations to dependent objects + --image string Override the default image used for the deployment + --ingress-class-name string The ingress class name to assign to all created ingress resources (default '') + --ingress-controller-namespace string The namespace where the ingress controller runs - used to secure published HTTP ports with NetworkPolicies. + --internal-cluster-domain string The Kubernetes internal cluster domain (default svc.cluster.local) + --internal-registry-prefix string The image prefix to use when pushing internal images (example ghcr.io/my-org/) + --lets-encrypt string enabled|disabled|staging. If enabled, acorn generated endpoints will be secured using TLS certificate from Let's Encrypt. Staging uses Let's Encrypt's staging environment. (default disabled) + --lets-encrypt-email string Required if --lets-encrypt=enabled. The email address to use for Let's Encrypt registration(default '') + --lets-encrypt-tos-agree Required if --lets-encrypt=enabled. If true, you agree to the Let's Encrypt terms of service (default false) + --manage-volume-classes Manually manage volume classes rather than sync with storage classes, setting to 'true' will delete Acorn-created volume classes + --network-policies Create Kubernetes NetworkPolicies which block cross-project network traffic (default false) + -o, --output string Output manifests instead of applying them (json, yaml) + --pod-security-enforce-profile string The name of the PodSecurity profile to set (default baseline) + --profile string The name of the profile to use for the installation. Profiles options are production (prod) and default. 
(default profile is default) + --propagate-project-annotation strings The list of keys of annotations to propagate from acorn project to app namespaces + --propagate-project-label strings The list of keys of labels to propagate from acorn project to app namespaces + --publish-builders Publish the builders through ingress to so build traffic does not traverse the api-server + --quiet Only output errors encountered during installation + --record-builds Keep a record of each acorn build that happens + --registry-cpu string The CPU to allocate to the registry in the format of : (example 200m:1000m) + --registry-memory string The memory to allocate to the registry in the format of : (example 256Mi:1Gi) + --service-lb-annotation strings Annotation to add to the service of type LoadBalancer. Defaults to empty. (example key=value) + --set-pod-security-enforce-profile Set the PodSecurity profile on created namespaces (default true) + --skip-checks Bypass installation checks + --use-custom-ca-bundle Use CA bundle for admin supplied secret for all acorn control plane components. Defaults to false. + --volume-size-default string Set the default size for acorn volumes. Accepts storage suffixes (K, M, G, Ki, Mi, Gi, etc) and "." and "_" separators (default 0) + -m, --workload-memory-default string Set the default memory for acorn workloads. Accepts binary suffixes (Ki, Mi, Gi, etc) and "." and "_" separators (default 0) + --workload-memory-maximum string Set the maximum memory for acorn workloads. Accepts binary suffixes (Ki, Mi, Gi, etc) and "." and "_" separators (default 0) ``` ### Options inherited from parent commands diff --git a/pkg/apis/api.acorn.io/v1/types.go b/pkg/apis/api.acorn.io/v1/types.go index 813e386b1..5dfa25c81 100644 --- a/pkg/apis/api.acorn.io/v1/types.go +++ b/pkg/apis/api.acorn.io/v1/types.go 
@@ -521,42 +521,43 @@ type Config struct { // For repeatable flags, ensure the struct and json fields are plural and the flag name is singular. // See ClusterDomains as an example. - IngressClassName *string `json:"ingressClassName" usage:"The ingress class name to assign to all created ingress resources (default '')"` - ClusterDomains []string `json:"clusterDomains" name:"cluster-domain" usage:"The externally addressable cluster domain (default .oss-acorn.io)"` - LetsEncrypt *string `json:"letsEncrypt" name:"lets-encrypt" usage:"enabled|disabled|staging. If enabled, acorn generated endpoints will be secured using TLS certificate from Let's Encrypt. Staging uses Let's Encrypt's staging environment. (default disabled)"` - LetsEncryptEmail string `json:"letsEncryptEmail" name:"lets-encrypt-email" usage:"Required if --lets-encrypt=enabled. The email address to use for Let's Encrypt registration(default '')"` - LetsEncryptTOSAgree *bool `json:"letsEncryptTOSAgree" name:"lets-encrypt-tos-agree" usage:"Required if --lets-encrypt=enabled. If true, you agree to the Let's Encrypt terms of service (default false)"` - SetPodSecurityEnforceProfile *bool `json:"setPodSecurityEnforceProfile" usage:"Set the PodSecurity profile on created namespaces (default true)"` - PodSecurityEnforceProfile string `json:"podSecurityEnforceProfile" usage:"The name of the PodSecurity profile to set (default baseline)" wrangler:"nullable"` - HttpEndpointPattern *string `json:"httpEndpointPattern" name:"http-endpoint-pattern" usage:"Go template for formatting application http endpoints. Valid variables to use are: App, Container, Namespace, Hash and ClusterDomain. 
(default pattern is {{hashConcat 8 .Container .App .Namespace | truncate}}.{{.ClusterDomain}})" wrangler:"nullable"` - InternalClusterDomain string `json:"internalClusterDomain" usage:"The Kubernetes internal cluster domain (default svc.cluster.local)" wrangler:"nullable"` - AcornDNS *string `json:"acornDNS" name:"acorn-dns" usage:"enabled|disabled|auto. If enabled, containers created by Acorn will get public FQDNs. Auto functions as disabled if a custom clusterDomain has been supplied (default auto)"` - AcornDNSEndpoint *string `json:"acornDNSEndpoint" name:"acorn-dns-endpoint" usage:"The URL to access the Acorn DNS service"` - AutoUpgradeInterval *string `json:"autoUpgradeInterval" name:"auto-upgrade-interval" usage:"For apps configured with automatic upgrades enabled, the interval at which to check for new versions. Upgrade intervals configured at the application level cannot be smaller than this. (default '5m' - 5 minutes)"` - RecordBuilds *bool `json:"recordBuilds" name:"record-builds" usage:"Keep a record of each acorn build that happens"` - PublishBuilders *bool `json:"publishBuilders" name:"publish-builders" usage:"Publish the builders through ingress to so build traffic does not traverse the api-server"` - BuilderPerProject *bool `json:"builderPerProject" name:"builder-per-project" usage:"Create a dedicated builder per project"` - InternalRegistryPrefix *string `json:"internalRegistryPrefix" name:"internal-registry-prefix" usage:"The image prefix to use when pushing internal images (example ghcr.io/my-org/)"` - IgnoreUserLabelsAndAnnotations *bool `json:"ignoreUserLabelsAndAnnotations" name:"ignore-user-labels-and-annotations" usage:"Don't propagate user-defined labels and annotations to dependent objects"` - AllowUserLabels []string `json:"allowUserLabels" name:"allow-user-label" usage:"Allow these labels to propagate to dependent objects, no effect if --ignore-user-labels-and-annotations not true"` - AllowUserAnnotations []string 
`json:"allowUserAnnotations" name:"allow-user-annotation" usage:"Allow these annotations to propagate to dependent objects, no effect if --ignore-user-labels-and-annotations not true"` - AllowUserMetadataNamespaces []string `json:"allowUserMetadataNamespaces" name:"allow-user-metadata-namespace" usage:"Allow these namespaces to propagate labels and annotations to dependent objects, no effect if --ignore-user-labels-and-annotations not true"` - WorkloadMemoryDefault *int64 `json:"workloadMemoryDefault" name:"workload-memory-default" quantity:"true" usage:"Set the default memory for acorn workloads. Accepts binary suffixes (Ki, Mi, Gi, etc) and \".\" and \"_\" separators (default 0)" short:"m"` - WorkloadMemoryMaximum *int64 `json:"workloadMemoryMaximum" name:"workload-memory-maximum" quantity:"true" usage:"Set the maximum memory for acorn workloads. Accepts binary suffixes (Ki, Mi, Gi, etc) and \".\" and \"_\" separators (default 0)"` - UseCustomCABundle *bool `json:"useCustomCABundle" name:"use-custom-ca-bundle" usage:"Use CA bundle for admin supplied secret for all acorn control plane components. Defaults to false."` - PropagateProjectAnnotations []string `json:"propagateProjectAnnotations" name:"propagate-project-annotation" usage:"The list of keys of annotations to propagate from acorn project to app namespaces"` - PropagateProjectLabels []string `json:"propagateProjectLabels" name:"propagate-project-label" usage:"The list of keys of labels to propagate from acorn project to app namespaces"` - ManageVolumeClasses *bool `json:"manageVolumeClasses" name:"manage-volume-classes" usage:"Manually manage volume classes rather than sync with storage classes, setting to 'true' will delete Acorn-created volume classes"` - VolumeSizeDefault string `json:"volumeSizeDefault" name:"volume-size-default" usage:"Set the default size for acorn volumes. 
Accepts storage suffixes (K, M, G, Ki, Mi, Gi, etc) and \".\" and \"_\" separators (default 0)"` - NetworkPolicies *bool `json:"networkPolicies" name:"network-policies" usage:"Create Kubernetes NetworkPolicies which block cross-project network traffic (default false)"` - IngressControllerNamespace *string `json:"ingressControllerNamespace" name:"ingress-controller-namespace" usage:"The namespace where the ingress controller runs - used to secure published HTTP ports with NetworkPolicies."` - AllowTrafficFromNamespace []string `json:"allowTrafficFromNamespace" name:"allow-traffic-from-namespace" usage:"Namespaces that are allowed to send network traffic to all Acorn apps"` - ServiceLBAnnotations []string `json:"serviceLBAnnotations" name:"service-lb-annotation" usage:"Annotation to add to the service of type LoadBalancer. Defaults to empty. (example key=value)"` - AWSIdentityProviderARN *string `json:"awsIdentityProviderArn" name:"aws-identity-provider-arn" usage:"ARN of cluster's OpenID Connect provider registered in AWS"` - EventTTL *string `json:"eventTTL" name:"event-ttl" usage:"Amount of time an Acorn event will be stored before being deleted (default '168h' - 7 days)"` - Features map[string]bool `json:"features" name:"features" boolmap:"true" usage:"Enable or disable features. (example foo=true,bar=false)"` - CertManagerIssuer *string `json:"certManagerIssuer" name:"cert-manager-issuer" usage:"The name of the cert-manager cluster issuer to use for TLS certificates on custom domains" default:""` - Profile *string `json:"profile" name:"profile" usage:"The name of the profile to use for the installation. Profiles options are production (prod) and default. 
(default profile is default)"` + IngressClassName *string `json:"ingressClassName" usage:"The ingress class name to assign to all created ingress resources (default '')"` + ClusterDomains []string `json:"clusterDomains" name:"cluster-domain" usage:"The externally addressable cluster domain (default .oss-acorn.io)"` + LetsEncrypt *string `json:"letsEncrypt" name:"lets-encrypt" usage:"enabled|disabled|staging. If enabled, acorn generated endpoints will be secured using TLS certificate from Let's Encrypt. Staging uses Let's Encrypt's staging environment. (default disabled)"` + LetsEncryptEmail string `json:"letsEncryptEmail" name:"lets-encrypt-email" usage:"Required if --lets-encrypt=enabled. The email address to use for Let's Encrypt registration(default '')"` + LetsEncryptTOSAgree *bool `json:"letsEncryptTOSAgree" name:"lets-encrypt-tos-agree" usage:"Required if --lets-encrypt=enabled. If true, you agree to the Let's Encrypt terms of service (default false)"` + SetPodSecurityEnforceProfile *bool `json:"setPodSecurityEnforceProfile" usage:"Set the PodSecurity profile on created namespaces (default true)"` + PodSecurityEnforceProfile string `json:"podSecurityEnforceProfile" usage:"The name of the PodSecurity profile to set (default baseline)" wrangler:"nullable"` + HttpEndpointPattern *string `json:"httpEndpointPattern" name:"http-endpoint-pattern" usage:"Go template for formatting application http endpoints. Valid variables to use are: App, Container, Namespace, Hash and ClusterDomain. (default pattern is {{hashConcat 8 .Container .App .Namespace | truncate}}.{{.ClusterDomain}})" wrangler:"nullable"` + InternalClusterDomain string `json:"internalClusterDomain" usage:"The Kubernetes internal cluster domain (default svc.cluster.local)" wrangler:"nullable"` + AcornDNS *string `json:"acornDNS" name:"acorn-dns" usage:"enabled|disabled|auto. If enabled, containers created by Acorn will get public FQDNs. 
Auto functions as disabled if a custom clusterDomain has been supplied (default auto)"` + AcornDNSEndpoint *string `json:"acornDNSEndpoint" name:"acorn-dns-endpoint" usage:"The URL to access the Acorn DNS service"` + AutoUpgradeInterval *string `json:"autoUpgradeInterval" name:"auto-upgrade-interval" usage:"For apps configured with automatic upgrades enabled, the interval at which to check for new versions. Upgrade intervals configured at the application level cannot be smaller than this. (default '5m' - 5 minutes)"` + RecordBuilds *bool `json:"recordBuilds" name:"record-builds" usage:"Keep a record of each acorn build that happens"` + PublishBuilders *bool `json:"publishBuilders" name:"publish-builders" usage:"Publish the builders through ingress to so build traffic does not traverse the api-server"` + BuilderPerProject *bool `json:"builderPerProject" name:"builder-per-project" usage:"Create a dedicated builder per project"` + InternalRegistryPrefix *string `json:"internalRegistryPrefix" name:"internal-registry-prefix" usage:"The image prefix to use when pushing internal images (example ghcr.io/my-org/)"` + IgnoreUserLabelsAndAnnotations *bool `json:"ignoreUserLabelsAndAnnotations" name:"ignore-user-labels-and-annotations" usage:"Don't propagate user-defined labels and annotations to dependent objects"` + AllowUserLabels []string `json:"allowUserLabels" name:"allow-user-label" usage:"Allow these labels to propagate to dependent objects, no effect if --ignore-user-labels-and-annotations not true"` + AllowUserAnnotations []string `json:"allowUserAnnotations" name:"allow-user-annotation" usage:"Allow these annotations to propagate to dependent objects, no effect if --ignore-user-labels-and-annotations not true"` + AllowUserMetadataNamespaces []string `json:"allowUserMetadataNamespaces" name:"allow-user-metadata-namespace" usage:"Allow these namespaces to propagate labels and annotations to dependent objects, no effect if --ignore-user-labels-and-annotations not 
true"` + WorkloadMemoryDefault *int64 `json:"workloadMemoryDefault" name:"workload-memory-default" quantity:"true" usage:"Set the default memory for acorn workloads. Accepts binary suffixes (Ki, Mi, Gi, etc) and \".\" and \"_\" separators (default 0)" short:"m"` + WorkloadMemoryMaximum *int64 `json:"workloadMemoryMaximum" name:"workload-memory-maximum" quantity:"true" usage:"Set the maximum memory for acorn workloads. Accepts binary suffixes (Ki, Mi, Gi, etc) and \".\" and \"_\" separators (default 0)"` + UseCustomCABundle *bool `json:"useCustomCABundle" name:"use-custom-ca-bundle" usage:"Use CA bundle for admin supplied secret for all acorn control plane components. Defaults to false."` + PropagateProjectAnnotations []string `json:"propagateProjectAnnotations" name:"propagate-project-annotation" usage:"The list of keys of annotations to propagate from acorn project to app namespaces"` + PropagateProjectLabels []string `json:"propagateProjectLabels" name:"propagate-project-label" usage:"The list of keys of labels to propagate from acorn project to app namespaces"` + ManageVolumeClasses *bool `json:"manageVolumeClasses" name:"manage-volume-classes" usage:"Manually manage volume classes rather than sync with storage classes, setting to 'true' will delete Acorn-created volume classes"` + VolumeSizeDefault string `json:"volumeSizeDefault" name:"volume-size-default" usage:"Set the default size for acorn volumes. 
Accepts storage suffixes (K, M, G, Ki, Mi, Gi, etc) and \".\" and \"_\" separators (default 0)"` + NetworkPolicies *bool `json:"networkPolicies" name:"network-policies" usage:"Create Kubernetes NetworkPolicies which block cross-project network traffic (default false)"` + IngressControllerNamespace *string `json:"ingressControllerNamespace" name:"ingress-controller-namespace" usage:"The namespace where the ingress controller runs - used to secure published HTTP ports with NetworkPolicies."` + AllowTrafficFromNamespace []string `json:"allowTrafficFromNamespace" name:"allow-traffic-from-namespace" usage:"Namespaces that are allowed to send network traffic to all Acorn apps"` + ServiceLBAnnotations []string `json:"serviceLBAnnotations" name:"service-lb-annotation" usage:"Annotation to add to the service of type LoadBalancer. Defaults to empty. (example key=value)"` + AWSIdentityProviderARN *string `json:"awsIdentityProviderArn" name:"aws-identity-provider-arn" usage:"ARN of cluster's OpenID Connect provider registered in AWS"` + EventTTL *string `json:"eventTTL" name:"event-ttl" usage:"Amount of time an Acorn event will be stored before being deleted (default '168h' - 7 days)"` + Features map[string]bool `json:"features" name:"features" boolmap:"true" usage:"Enable or disable features. (example foo=true,bar=false)"` + CertManagerIssuer *string `json:"certManagerIssuer" name:"cert-manager-issuer" usage:"The name of the cert-manager cluster issuer to use for TLS certificates on custom domains" default:""` + Profile *string `json:"profile" name:"profile" usage:"The name of the profile to use for the installation. Profiles options are production (prod) and default. (default profile is default)"` + AutoConfigureKarpenterDontEvictAnnotations *bool `json:"autoConfigureKarpenterDontEvictAnnotations" name:"auto-configure-karpenter-dont-evict-annotations" usage:"Automatically configure Karpenter to not evict pods with the given annotations if app is running a single replica. 
(default false)"` // Flags for setting resource request and limits on sytem components ControllerMemory *string `json:"controllerMemory" name:"controller-memory" usage:"The memory to allocate to the runtime-controller in the format of : (example 256Mi:1Gi)"` diff --git a/pkg/apis/api.acorn.io/v1/zz_generated.deepcopy.go b/pkg/apis/api.acorn.io/v1/zz_generated.deepcopy.go index c0b10b822..a319d08d3 100644 --- a/pkg/apis/api.acorn.io/v1/zz_generated.deepcopy.go +++ b/pkg/apis/api.acorn.io/v1/zz_generated.deepcopy.go @@ -573,6 +573,11 @@ func (in *Config) DeepCopyInto(out *Config) { *out = new(string) **out = **in } + if in.AutoConfigureKarpenterDontEvictAnnotations != nil { + in, out := &in.AutoConfigureKarpenterDontEvictAnnotations, &out.AutoConfigureKarpenterDontEvictAnnotations + *out = new(bool) + **out = **in + } if in.ControllerMemory != nil { in, out := &in.ControllerMemory, &out.ControllerMemory *out = new(string) diff --git a/pkg/config/config.go b/pkg/config/config.go index 72a6cc571..7b454ca64 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -155,6 +155,9 @@ func complete(ctx context.Context, c *apiv1.Config, getter kclient.Reader, inclu if c.CertManagerIssuer == nil { c.CertManagerIssuer = profile.CertManagerIssuer } + if c.AutoConfigureKarpenterDontEvictAnnotations == nil { + c.AutoConfigureKarpenterDontEvictAnnotations = profile.AutoConfigureKarpenterDontEvictAnnotations + } return nil } @@ -453,6 +456,9 @@ func merge(oldConfig, newConfig *apiv1.Config) *apiv1.Config { if newConfig.APIServerCPU != nil { mergedConfig.APIServerCPU = newConfig.APIServerCPU } + if newConfig.AutoConfigureKarpenterDontEvictAnnotations != nil { + mergedConfig.AutoConfigureKarpenterDontEvictAnnotations = newConfig.AutoConfigureKarpenterDontEvictAnnotations + } return &mergedConfig } diff --git a/pkg/controller/appdefinition/deploy.go b/pkg/controller/appdefinition/deploy.go index b0000f9a4..8096257dd 100644 --- a/pkg/controller/appdefinition/deploy.go 
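Review bot: The usage string on the new `AutoConfigureKarpenterDontEvictAnnotations` field ends with `(default false)`, but the default.go and production.go hunks of this commit both set it to `z.Pointer(true)`, and `complete` in config.go fills a nil value from the profile. The effective default therefore looks like true, and both the help text and the regenerated acorn_install.md misstate it. The text also says "with the given annotations" although the field is a `*bool` and accepts no annotation list. I would change the tag to something like `usage:"Automatically add the karpenter.sh/do-not-evict annotation to pods of apps running a single replica (default true)"` and regenerate the docs. The `Config` struct starts and ends outside this hunk.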
+++ b/pkg/controller/appdefinition/deploy.go @@ -806,7 +806,13 @@ func toDeployment(req router.Request, appInstance *v1.AppInstance, tag name.Refe // Set karpenter do-not-evict annotation if scale is nil or 1. This prevents karpenter from evicting the pod if deployment is not running with more than 1 replica. if dep.Spec.Replicas == nil || *dep.Spec.Replicas == 1 { - dep.Spec.Template.Annotations["karpenter.sh/do-not-evict"] = "true" + cfg, err := config.Get(req.Ctx, req.Client) + if err != nil { + return nil, err + } + if z.Dereference(cfg.AutoConfigureKarpenterDontEvictAnnotations) { + dep.Spec.Template.Annotations["karpenter.sh/do-not-evict"] = "true" + } } return dep, nil diff --git a/pkg/openapi/generated/openapi_generated.go b/pkg/openapi/generated/openapi_generated.go index 1c1fd20a6..0ffe52164 100644 --- a/pkg/openapi/generated/openapi_generated.go +++ b/pkg/openapi/generated/openapi_generated.go @@ -2380,6 +2380,12 @@ func schema_pkg_apis_apiacornio_v1_Config(ref common.ReferenceCallback) common.O Format: "", }, }, + "autoConfigureKarpenterDontEvictAnnotations": { + SchemaProps: spec.SchemaProps{ + Type: []string{"boolean"}, + Format: "", + }, + }, "controllerMemory": { SchemaProps: spec.SchemaProps{ Description: "Flags for setting resource request and limits on sytem components", 
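Review bot: The context comment above the `dep.Spec.Replicas` check still says the annotation is set whenever scale is nil or 1, but the new branch sets it only when `z.Dereference(cfg.AutoConfigureKarpenterDontEvictAnnotations)` is true. I would reword it to `// If scale is nil or 1 and AutoConfigureKarpenterDontEvictAnnotations is enabled, set karpenter.sh/do-not-evict so Karpenter does not evict the app's only replica.` Operators who turn the option off should know that single-replica apps lose this eviction protection. The lookup error is also returned bare, so a failed config read surfaces with no hint that it came from this step; `return nil, fmt.Errorf("reading config for karpenter annotation: %w", err)` would help, assuming `fmt` is imported in this file. `toDeployment` starts and ends outside the hunk, so I cannot tell whether a config is already loaded earlier in the function and could be reused.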
@@ -2442,7 +2448,7 @@ func schema_pkg_apis_apiacornio_v1_Config(ref common.ReferenceCallback) common.O }, }, }, - Required: []string{"ingressClassName", "clusterDomains", "letsEncrypt", "letsEncryptEmail", "letsEncryptTOSAgree", "setPodSecurityEnforceProfile", "podSecurityEnforceProfile", "httpEndpointPattern", "internalClusterDomain", "acornDNS", "acornDNSEndpoint", "autoUpgradeInterval", "recordBuilds", "publishBuilders", "builderPerProject", "internalRegistryPrefix", "ignoreUserLabelsAndAnnotations", "allowUserLabels", "allowUserAnnotations", "allowUserMetadataNamespaces", "workloadMemoryDefault", "workloadMemoryMaximum", "useCustomCABundle", "propagateProjectAnnotations", "propagateProjectLabels", "manageVolumeClasses", "volumeSizeDefault", "networkPolicies", "ingressControllerNamespace", "allowTrafficFromNamespace", "serviceLBAnnotations", "awsIdentityProviderArn", "eventTTL", "features", "certManagerIssuer", "profile", "controllerMemory", "controllerCPU", "apiServerMemory", "apiServerCPU", "buildkitdMemory", "buildkitdCPU", "buildkitdServiceMemory", "buildkitdServiceCPU", "registryMemory", "registryCPU"}, + Required: []string{"ingressClassName", "clusterDomains", "letsEncrypt", "letsEncryptEmail", "letsEncryptTOSAgree", "setPodSecurityEnforceProfile", "podSecurityEnforceProfile", "httpEndpointPattern", "internalClusterDomain", "acornDNS", "acornDNSEndpoint", "autoUpgradeInterval", "recordBuilds", "publishBuilders", "builderPerProject", "internalRegistryPrefix", "ignoreUserLabelsAndAnnotations", "allowUserLabels", "allowUserAnnotations", "allowUserMetadataNamespaces", "workloadMemoryDefault", "workloadMemoryMaximum", "useCustomCABundle", "propagateProjectAnnotations", "propagateProjectLabels", "manageVolumeClasses", "volumeSizeDefault", "networkPolicies", "ingressControllerNamespace", "allowTrafficFromNamespace", "serviceLBAnnotations", "awsIdentityProviderArn", "eventTTL", "features", "certManagerIssuer", "profile", 
"autoConfigureKarpenterDontEvictAnnotations", "controllerMemory", "controllerCPU", "apiServerMemory", "apiServerCPU", "buildkitdMemory", "buildkitdCPU", "buildkitdServiceMemory", "buildkitdServiceCPU", "registryMemory", "registryCPU"}, }, }, } diff --git a/pkg/profiles/default.go b/pkg/profiles/default.go index a44c5fc88..3ea66ae73 100644 --- a/pkg/profiles/default.go +++ b/pkg/profiles/default.go @@ -73,5 +73,6 @@ func defaultProfile() apiv1.Config { ControllerCPU: new(string), APIServerMemory: new(string), APIServerCPU: new(string), + AutoConfigureKarpenterDontEvictAnnotations: z.Pointer(true), } } diff --git a/pkg/profiles/production.go b/pkg/profiles/production.go index 7e444ec80..78fdec1ab 100644 --- a/pkg/profiles/production.go +++ b/pkg/profiles/production.go @@ -33,6 +33,7 @@ func productionProfile() apiv1.Config { conf.ControllerCPU = z.Pointer("100m") conf.APIServerMemory = z.Pointer("256Mi") conf.APIServerCPU = z.Pointer("100m") + conf.AutoConfigureKarpenterDontEvictAnnotations = z.Pointer(true) return conf }