Custom Metric Based HPA Using KEDA in EKS Environments
HPA implementation in EKS environments
requires you to use KEDA (Kubernetes-based Event Driven Autoscaler).
The following are prerequisites for custom metrics based HPA implementation:
- Enable HPA for clustering from YAML.
- Ensure that the HPA parameters are filled in the pan-cn-mgmt-configmap.yaml file.
- Ensure that the PAN_NAMESPACE_EKS field has a unique name across your AWS account in your region. This avoids overwriting metrics from different CN clusters with the same EKS namespace.
- CN-MGMT publishing metrics to CloudWatch. The CN-MGMT pod requires the necessary permissions to access the CloudWatch resource, collect CN-NGFW metrics, and publish custom metrics to CloudWatch. This is done by adding the CloudWatchFullAccess policy to the node IAM role that you specified while creating the nodegroup.
- Deploy the Cluster Autoscaler from AWS. For more information, see Cluster Autoscaler.
Authenticate KEDA with AWS
To authenticate KEDA, you can associate an IAM role
with the KEDA operator service account by annotating the service
account with the role ARN. This step is recommended because it
avoids adding CloudWatch access to the node IAM role: only the
KEDA service account gains access to CloudWatch, not the entire
node on which KEDA is running.
To associate an IAM role with the KEDA operator service account:
- Create an IAM OIDC provider for your cluster - You need to create an IAM OIDC provider only once for a cluster.
- Create an IAM role and attach an IAM policy to it with the permissions that your service accounts need. Ensure that you provide the Cloudwatch access policy while performing this step.
- Associate an IAM role with a service account – Complete this task for each Kubernetes service account that needs access to AWS resources.
- Deploy the Cluster Autoscaler from AWS. For more information, see Cluster Autoscaler.
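
The role association steps above can be scripted as follows. This is an added example, not code from the original page or from the vendor; it shows the trust policy that limits the role to one service account. Assumptions: the namespace `keda` and the service account and deployment `keda-operator` (the KEDA release defaults) already exist when step 3 runs, the role name `keda-cloudwatch-read` is hypothetical, and the AWS managed `CloudWatchReadOnlyAccess` policy stands in for the CloudWatch access policy.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): IRSA setup for the KEDA operator.
# Assumed names: namespace "keda", service account and deployment "keda-operator"
# (KEDA release defaults), hypothetical role name "keda-cloudwatch-read", and the
# AWS managed CloudWatchReadOnlyAccess policy as the CloudWatch access policy.
set -eu

# Print an IAM trust policy that lets exactly one Kubernetes service account
# assume the role through the cluster's OIDC provider.
# Args: <aws-account-id> <oidc-issuer-url> <namespace> <service-account>
irsa_trust_policy() {
  local account="$1" issuer="${2#https://}" ns="$3" sa="$4"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::${account}:oidc-provider/${issuer}"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {
      "${issuer}:aud": "sts.amazonaws.com",
      "${issuer}:sub": "system:serviceaccount:${ns}:${sa}"
    }}
  }]
}
EOF
}

# Run the three steps against a live cluster. Args: <cluster-name>
apply_keda_irsa() {
  local cluster="$1" role="keda-cloudwatch-read" account issuer
  # Step 1: one-time IAM OIDC provider for the cluster.
  eksctl utils associate-iam-oidc-provider --cluster "$cluster" --approve
  account=$(aws sts get-caller-identity --query Account --output text)
  issuer=$(aws eks describe-cluster --name "$cluster" \
    --query cluster.identity.oidc.issuer --output text)
  # Step 2: role trusted only by keda/keda-operator, with read-only CloudWatch access.
  aws iam create-role --role-name "$role" --assume-role-policy-document \
    "$(irsa_trust_policy "$account" "$issuer" keda keda-operator)"
  aws iam attach-role-policy --role-name "$role" \
    --policy-arn arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess
  # Step 3: annotate the service account, then restart so the pod picks up the role.
  kubectl annotate serviceaccount keda-operator -n keda --overwrite \
    "eks.amazonaws.com/role-arn=arn:aws:iam::${account}:role/${role}"
  kubectl rollout restart deployment keda-operator -n keda
}

# Only touch AWS when called as: ./keda-irsa.sh --apply <cluster-name>
if [ "${1:-}" = "--apply" ]; then apply_keda_irsa "$2"; fi
```

The `sub` condition is what keeps other pods on the same node or in other namespaces from assuming the role; a trust policy without it would let any service account in the cluster use it.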
Deploy the KEDA Pods
To deploy the KEDA pods, download the latest KEDA files and apply the manifest:
kubectl apply -f keda-2.7.1.yaml
The plugin modifies and applies the YAML based on the inputs
you provide as per your scaling requirements.
Observe the values in the CloudWatch console and check how the target
pods scale in and out.