Skip to content

Latest commit

 

History

History
91 lines (69 loc) · 3.05 KB

autoscaling.md

File metadata and controls

91 lines (69 loc) · 3.05 KB

Autoscaling

To enable worker node autoscaling you will need to do a few things:

  • Add the required tags to the worker group
  • Install the cluster-autoscaler
  • Give the cluster-autoscaler access via an IAM policy

It's probably easiest to follow the example in examples/irsa, this will install the cluster-autoscaler using Helm and use IRSA to attach a policy.

If you don't want to use IRSA then you will need to attach the IAM policy to the worker node IAM role or add AWS credentials to the cluster-autoscaler environment variables. Here is some example terraform code for the policy:

resource "aws_iam_role_policy_attachment" "workers_autoscaling" {
  policy_arn = aws_iam_policy.worker_autoscaling.arn
  role       = module.my_cluster.worker_iam_role_name[0]
}

resource "aws_iam_policy" "worker_autoscaling" {
  name_prefix = "eks-worker-autoscaling-${module.my_cluster.cluster_id}"
  description = "EKS worker node autoscaling policy for cluster ${module.my_cluster.cluster_id}"
  policy      = data.aws_iam_policy_document.worker_autoscaling.json
  path        = var.iam_path
}

data "aws_iam_policy_document" "worker_autoscaling" {
  statement {
    sid    = "eksWorkerAutoscalingAll"
    effect = "Allow"

    actions = [
      "autoscaling:DescribeAutoScalingGroups",
      "autoscaling:DescribeAutoScalingInstances",
      "autoscaling:DescribeLaunchConfigurations",
      "autoscaling:DescribeTags",
      "ec2:DescribeLaunchTemplateVersions",
    ]

    resources = ["*"]
  }

  statement {
    sid    = "eksWorkerAutoscalingOwn"
    effect = "Allow"

    actions = [
      "autoscaling:SetDesiredCapacity",
      "autoscaling:TerminateInstanceInAutoScalingGroup",
      "autoscaling:UpdateAutoScalingGroup",
    ]

    resources = ["*"]

    condition {
      test     = "StringEquals"
      variable = "autoscaling:ResourceTag/kubernetes.io/cluster/${module.my_cluster.cluster_id}"
      values   = ["owned"]
    }

    condition {
      test     = "StringEquals"
      variable = "autoscaling:ResourceTag/k8s.io/cluster-autoscaler/enabled"
      values   = ["true"]
    }
  }
}

And example values for the helm chart:

rbac:
  create: true

cloudProvider: aws
awsRegion: YOUR_AWS_REGION

autoDiscovery:
  clusterName: YOUR_CLUSTER_NAME
  enabled: true

To install the chart, simply run helm with the --values option:

helm install stable/cluster-autoscaler --values=path/to/your/values-file.yaml

Notes

There is a variable asg_desired_capacity given in the local.tf file, currently it can be used to change the desired worker(s) capacity in the autoscaling group but currently it is being ignored in terraform to reduce the complexities and the feature of scaling up and down the cluster nodes is being handled by the cluster autoscaler.