Adding support for proxy cache #38

Merged
merged 11 commits into from
Dec 5, 2024

@AnchorArray commented on Nov 16, 2024

Enabled cache

helm template --debug guardrails-cache-poc \
  --namespace app-core \
  --set replicaCount=4 \
  --set image.tag=2.2.2 \
  --set env.WHYLABS_API_CACHE_ENDPOINT="guardrails-cache-poc.app-core.svc.cluster.local" \
  --set "tolerations[0].key=kubernetes.azure.com/scalesetpriority" \
  --set "tolerations[0].operator=Exists" \
  --set "imagePullSecrets[0].name=gitlab-registry-secret" \
  --set service.type=LoadBalancer \
  --set service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"="guardrails-cache-poc.whylabsai.com" \
  --set service.annotations."external-dns\.alpha\.kubernetes\.io/cloudflare-proxied"="\"true\"" \
  charts/guardrails | yq | pbcopy
---
# Source: guardrails/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: guardrails-cache-poc
  labels:
    helm.sh/chart: guardrails-0.5.0
    app.kubernetes.io/version: "2.2.2"
    app.kubernetes.io/managed-by: Helm
automountServiceAccountToken: true
---
# Source: guardrails/templates/configmap-nginx.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: guardrails-cache-poc-nginx
data:
  nginx.conf: "pid /tmp/nginx.pid;\nevents {\n  worker_connections 1024;\n}\nhttp {\n  proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=my_cache:10m max_size=1g \n  inactive=60m use_temp_path=off;\n  client_body_temp_path /tmp/client_temp;\n  proxy_temp_path       /tmp/proxy_temp_path;\n  fastcgi_temp_path     /tmp/fastcgi_temp;\n  uwsgi_temp_path       /tmp/uwsgi_temp;\n  scgi_temp_path        /tmp/scgi_temp;\n  server {\n    listen 8080;\n    server_name localhost;\n    location /v1/policy/list {\n      include cache_config.conf;\n      include common_proxy.conf;\n      proxy_cache_key \"$request_uri|$http_x_whylabs_organization\";\n    }\n    location /v1/organizations/managed-organizations {\n      include cache_config.conf;\n      include common_proxy.conf;\n      proxy_cache_key \"$request_uri|$http_x_whylabs_organization\";\n    }\n    location /v1/policy {\n      include cache_config.conf;\n      include common_proxy.conf;\n      proxy_cache_key \"$request_uri|$http_x_whylabs_organization\";\n    }\n    location /v1/api-key/validate {\n      include cache_config.conf;\n      include common_proxy.conf;\n      proxy_cache_key \"$request_uri|$http_x_api_key\";\n    }\n    location / {\n      include common_proxy.conf;\n    }\n  }\n}\n"
  cache_config.conf: |
    proxy_cache my_cache;
    proxy_cache_valid 200 403 1m;
    proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
    add_header X-Cache-Status $upstream_cache_status always;
  common_proxy.conf: |
    proxy_pass https://api.whylabsapp.com;
    proxy_set_header Host api.whylabsapp.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Accept $http_accept;
    proxy_set_header Accept-Encoding $http_accept_encoding;
    proxy_set_header X-API-Key $http_x_api_key;
    proxy_set_header X-WhyLabs-Organization $http_x_whylabs_organization;
---
# Source: guardrails/templates/service-nginx.yaml
apiVersion: v1
kind: Service
metadata:
  name: guardrails-cache-poc-nginx
spec:
  type: ClusterIP
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
  selector:
    app: guardrails-cache-poc-nginx
---
# Source: guardrails/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: guardrails-cache-poc
  labels:
    helm.sh/chart: guardrails-0.5.0
    app.kubernetes.io/version: "2.2.2"
    app.kubernetes.io/managed-by: Helm
  annotations:
    external-dns.alpha.kubernetes.io/cloudflare-proxied: '"true"'
    external-dns.alpha.kubernetes.io/hostname: guardrails-cache-poc.whylabsai.com
spec:
  type: LoadBalancer
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8000
  selector:
    app: guardrails-cache-poc
---
# Source: guardrails/templates/deployment-nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: guardrails-cache-poc-nginx
  labels:
    helm.sh/chart: guardrails-0.5.0
    app.kubernetes.io/version: "2.2.2"
    app.kubernetes.io/managed-by: Helm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: guardrails-cache-poc-nginx
  template:
    metadata:
      labels:
        helm.sh/chart: guardrails-0.5.0
        app.kubernetes.io/version: "2.2.2"
        app.kubernetes.io/managed-by: Helm
        app: guardrails-cache-poc-nginx
        app.kubernetes.io/name: guardrails-nginx
        app.kubernetes.io/instance: guardrails-cache-poc-nginx
    spec:
      serviceAccountName: guardrails-cache-poc
      securityContext:
        fsGroup: 101
      containers:
        - name: nginx
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 101
            runAsGroup: 101
            capabilities:
              drop: ["ALL"]
          image: "nginxinc/nginx-unprivileged:latest"
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          volumeMounts:
            - name: nginx-config
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
            - name: nginx-config
              mountPath: /etc/nginx/cache_config.conf
              subPath: cache_config.conf
            - name: nginx-config
              mountPath: /etc/nginx/common_proxy.conf
              subPath: common_proxy.conf
            - name: nginx-temp
              mountPath: /tmp
            - name: nginx-cache
              mountPath: /var/cache/nginx
      volumes:
        - name: nginx-temp
          emptyDir: {}
        - name: nginx-cache
          emptyDir: {}
        - name: nginx-config
          configMap:
            name: guardrails-cache-poc-nginx
      tolerations:
        - key: kubernetes.azure.com/scalesetpriority
          operator: Exists
---
# Source: guardrails/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: guardrails-cache-poc
  labels:
    helm.sh/chart: guardrails-0.5.0
    app.kubernetes.io/version: "2.2.2"
    app.kubernetes.io/managed-by: Helm
spec:
  revisionHistoryLimit: 1
  replicas: 4
  selector:
    matchLabels:
      app: guardrails-cache-poc
  template:
    metadata:
      labels:
        helm.sh/chart: guardrails-0.5.0
        app.kubernetes.io/version: "2.2.2"
        app.kubernetes.io/managed-by: Helm
        app: guardrails-cache-poc
        app.kubernetes.io/name: guardrails
        app.kubernetes.io/instance: guardrails-cache-poc
    spec:
      imagePullSecrets:
        - name: gitlab-registry-secret
      serviceAccountName: guardrails-cache-poc
      securityContext:
        runAsNonRoot: true
      containers:
        - name: guardrails
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          image: "registry.gitlab.com/whylabs/langkit-container:2.2.2"
          imagePullPolicy: IfNotPresent
          env:
            - name: TENANCY_MODE
              value: MULTI
            - name: WHYLABS_API_CACHE_ENDPOINT
              value: guardrails-cache-poc.app-core.svc.cluster.local
          envFrom:
            - secretRef:
                name: whylabs-guardrails-api-key
                optional: true
            - secretRef:
                name: whylabs-guardrails-api-secret
                optional: true
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /health
              port: 8000
            periodSeconds: 10
          readinessProbe:
            failureThreshold: 2
            httpGet:
              path: /health
              port: 8000
            periodSeconds: 10
          startupProbe:
            failureThreshold: 20
            httpGet:
              path: /health
              port: 8000
            initialDelaySeconds: 20
            periodSeconds: 10
          resources:
            limits:
              cpu: "4"
              ephemeral-storage: 250Mi
              memory: 4Gi
            requests:
              cpu: "4"
              ephemeral-storage: 250Mi
              memory: 4Gi
          volumeMounts:
            - name: temp-dir
              mountPath: /tmp
      volumes:
        - name: temp-dir
          emptyDir: {}
      tolerations:
        - key: kubernetes.azure.com/scalesetpriority
          operator: Exists

Disabled Cache; Autoscaling Enabled

helm template --debug guardrails-cache-poc \
  --namespace app-core \
  --set replicaCount=4 \
  --set image.tag=2.2.2 \
  --set cache.enable=false \
  --set autoscaling.enabled=true \
  --set "tolerations[0].key=kubernetes.azure.com/scalesetpriority" \
  --set "tolerations[0].operator=Exists" \
  --set "imagePullSecrets[0].name=gitlab-registry-secret" \
  --set service.type=LoadBalancer \
  --set service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"="guardrails-cache-poc.whylabsai.com" \
  --set service.annotations."external-dns\.alpha\.kubernetes\.io/cloudflare-proxied"="\"true\"" \
  charts/guardrails | yq | pbcopy
---
# Source: guardrails/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: guardrails-cache-poc
  labels:
    helm.sh/chart: guardrails-0.5.0
    app.kubernetes.io/version: "2.2.2"
    app.kubernetes.io/managed-by: Helm
automountServiceAccountToken: true
---
# Source: guardrails/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: guardrails-cache-poc
  labels:
    helm.sh/chart: guardrails-0.5.0
    app.kubernetes.io/version: "2.2.2"
    app.kubernetes.io/managed-by: Helm
  annotations:
    external-dns.alpha.kubernetes.io/cloudflare-proxied: '"true"'
    external-dns.alpha.kubernetes.io/hostname: guardrails-cache-poc.whylabsai.com
spec:
  type: LoadBalancer
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8000
  selector:
    app: guardrails-cache-poc
---
# Source: guardrails/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: guardrails-cache-poc
  labels:
    helm.sh/chart: guardrails-0.5.0
    app.kubernetes.io/version: "2.2.2"
    app.kubernetes.io/managed-by: Helm
spec:
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app: guardrails-cache-poc
  template:
    metadata:
      labels:
        helm.sh/chart: guardrails-0.5.0
        app.kubernetes.io/version: "2.2.2"
        app.kubernetes.io/managed-by: Helm
        app: guardrails-cache-poc
        app.kubernetes.io/name: guardrails
        app.kubernetes.io/instance: guardrails-cache-poc
    spec:
      imagePullSecrets:
        - name: gitlab-registry-secret
      serviceAccountName: guardrails-cache-poc
      securityContext:
        runAsNonRoot: true
      containers:
        - name: guardrails
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          image: "registry.gitlab.com/whylabs/langkit-container:2.2.2"
          imagePullPolicy: IfNotPresent
          env:
            - name: TENANCY_MODE
              value: MULTI
          envFrom:
            - secretRef:
                name: whylabs-guardrails-api-key
                optional: true
            - secretRef:
                name: whylabs-guardrails-api-secret
                optional: true
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /health
              port: 8000
            periodSeconds: 10
          readinessProbe:
            failureThreshold: 2
            httpGet:
              path: /health
              port: 8000
            periodSeconds: 10
          startupProbe:
            failureThreshold: 20
            httpGet:
              path: /health
              port: 8000
            initialDelaySeconds: 20
            periodSeconds: 10
          resources:
            limits:
              cpu: "4"
              ephemeral-storage: 250Mi
              memory: 4Gi
            requests:
              cpu: "4"
              ephemeral-storage: 250Mi
              memory: 4Gi
          volumeMounts:
            - name: temp-dir
              mountPath: /tmp
      volumes:
        - name: temp-dir
          emptyDir: {}
      tolerations:
        - key: kubernetes.azure.com/scalesetpriority
          operator: Exists
---
# Source: guardrails/templates/hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: guardrails-cache-poc
  labels:
    helm.sh/chart: guardrails-0.5.0
    app.kubernetes.io/version: "2.2.2"
    app.kubernetes.io/managed-by: Helm
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: guardrails-cache-poc
  minReplicas: 1
  maxReplicas: 100
  behavior:
    scaleUp:
      policies:
        - type: Pods
          value: 4
          periodSeconds: 180
        - type: Percent
          value: 50
          periodSeconds: 180
      selectPolicy: Min
      stabilizationWindowSeconds: 300
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
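
A lint over the cached locations in the rendered nginx.conf above, added here as an example (not part of the pull request or the chart): it lists the locations whose `proxy_cache_key` does not vary with the forwarded `X-API-Key`. That the upstream authorizes each request by API key is an assumption, and the function names are hypothetical.

```python
import re

# Location blocks condensed from the rendered nginx.conf in the ConfigMap above.
NGINX_CONF = r'''
location /v1/policy/list { include cache_config.conf; include common_proxy.conf;
  proxy_cache_key "$request_uri|$http_x_whylabs_organization"; }
location /v1/organizations/managed-organizations { include cache_config.conf; include common_proxy.conf;
  proxy_cache_key "$request_uri|$http_x_whylabs_organization"; }
location /v1/policy { include cache_config.conf; include common_proxy.conf;
  proxy_cache_key "$request_uri|$http_x_whylabs_organization"; }
location /v1/api-key/validate { include cache_config.conf; include common_proxy.conf;
  proxy_cache_key "$request_uri|$http_x_api_key"; }
location / { include common_proxy.conf; }
'''

# Assumption (not stated on the page): the upstream authorizes each request by X-API-Key.
CREDENTIAL_VAR = "http_x_api_key"
CACHE_INCLUDE = "cache_config.conf"  # the snippet that turns on proxy_cache

LOCATION_RE = re.compile(r"location\s+(\S+)\s*\{([^{}]*)\}")

def parse_locations(conf):
    """Return {path: {"cached": bool, "key_vars": [...]}} for flat (non-nested) location blocks."""
    out = {}
    for path, body in LOCATION_RE.findall(conf):
        directives = [d.strip() for d in body.split(";") if d.strip()]
        cached = any(d.split() == ["include", CACHE_INCLUDE] for d in directives)
        key = next((d for d in directives if d.startswith("proxy_cache_key")), "")
        out[path] = {"cached": cached, "key_vars": re.findall(r"\$(\w+)", key)}
    return out

def shared_across_credentials(conf, credential_var=CREDENTIAL_VAR):
    """Cached locations whose cache key does not vary with the credential header."""
    return sorted(path for path, loc in parse_locations(conf).items()
                  if loc["cached"] and credential_var not in loc["key_vars"])

if __name__ == "__main__":
    for path in shared_across_credentials(NGINX_CONF):
        print(f"{path}: cached response is reused for any {CREDENTIAL_VAR} value")
```

For each location it reports, either add `$http_x_api_key` to the cache key or confirm that the response is safe to share between callers that send the same organization header.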

@AnchorArray self-assigned this on Nov 16, 2024
@AnchorArray changed the title from "Draft: adding support for proxy cache" to "Adding support for proxy cache" on Nov 26, 2024
Comment on lines +13 to +15
- Add caching support, enabled with `cache.enable: true` (default is `true`)
- HPA support for configuring scaling behavior
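
Review bot: missing documentation at the `cache.enable` bullet (+13): with the default of `true`, the rendered chart caches `/v1/api-key/validate` responses under `proxy_cache_valid 200 403 1m` and serves stale entries through `proxy_cache_use_stale` on upstream errors and timeouts, so a revoked key can keep validating for up to a minute, and longer while the upstream is failing. Suggest naming the cached endpoints and the TTL in this entry, so operators who upgrade know what the default changes.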

It looks like these are just duplicated from 0.4?

@AnchorArray merged commit 17ade86 into mainline on Dec 5, 2024
1 check passed