Sample Configurations

The following are sample HelmRelease configurations for different use cases

• Healthcheck
• Resource Constraints
• Network Policy
• Istio Ingress
• Auto Scaling

Healthcheck

Use Case: Configure probe settings

readinessProbe:
  exec:
    enabled: false # change httpGet.enabled to false if using this
    command: [] # commands for readiness probe
  httpGet:
    enabled: true
  path: /readiness
  initialDelaySeconds: 5
  periodSeconds: 5
  timeoutSeconds: 5
  successThreshold: 1
  failureThreshold: 5

Use Case: Configure probe to use command

livenessProbe:
  exec:
    enabled: true
    command:
    - /bin/sh
    - /healthcheck.sh
  httpGet:
    enabled: false

Resource Constraints

Use Case: Configure min and max resource limits

resources:
  requests:
    cpu: 100m
    memory: 200Mi
  limits:
    cpu: 250m
    memory: 500Mi

Network Policy

The HelmRelease configurations are for the destination service

Use Case: Accept traffic from services in same namespace

networkPolicy:
  enabled: true
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app.kubernetes.io/instance: <service_1>-development
    - podSelector:
        matchLabels:
          app.kubernetes.io/instance: <service_2>-development

Use Case: Accept traffic from services in different namespaces

networkPolicy:
  enabled: true
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          namespace: <namespace_1>
  - from:
    - namespaceSelector:
        matchLabels:
          namespace: <namespace_2>

Use Case: Accept traffic from specific service in different namespace

networkPolicy:
  enabled: true
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          namespace: <namespace_1>
    - podSelector:
        matchLabels:
          app.kubernetes.io/instance: <service_1>-development

Istio Ingress

Use Case: Expose service to GSA network

istioIngress:
  enabled: true
  host: "fake-mod1-development-robotshop.mcaas.fcs.gsa.gov"

Use Case: Expose service to GSA network and external

istioIngress:
  enabled: true
  host: "fake-mod1-development-robotshop.mcaas.fcs.gsa.gov"
  additionalHosts:
  - example.gsa.gov

Use Case: Mulit-ingress

multiIngress:
  - match:
    - uri:
        prefix: /svc1
    rewrite:
      uri: /
    route:
    - destination:
        host: svc1
        port:
          number: 80
  - match:
    - uri:
        prefix: /svc2
    rewrite:
      uri: /
    route:
    - destination:
        host: svc2
        port:
          number: 80
  - route:
    - destination:
        host: this-svc
        port:
          number: 80

Auto Scaling

Use Case: Scale pods horizontally

horizontalPodAutoscaler:
  enabled: true
  minReplicas: 1
  maxReplicas: 10
  cpuMetrics:
    enabled: false
    averageUtilization: 50
  memoryMetrics:
    enabled: false
    averageUtilization: 50
  otherMetrics:
    - type: Pods
      pods:
        metric:
          name: packets_per_secound
        target:
          type: AverageValue
          averageValue: 100

Use Case: Scale pods vertically

# cannot be used together with HPA on cpu and memory
verticalPodAutoscaler:
  enabled: true
  minAllowed:
    cpu: 100m
    memory: 200Mi
  maxAllowed:
    cpu: 200m
    memory: 400Mi