kubecost / disk-autoscaler Goto Github PK

View Code? Open in Web Editor NEW

45.0 4.0 1.0 331 KB

Resize Kubernetes PersistentVolumes automatically based on Kubecost recommendations.

License: Apache License 2.0

Just 0.66% Go 99.34%

cost-optimization kubecost kubernetes persistent-storage savings

disk-autoscaler's People

Contributors

Stargazers

Watchers

Forkers

tty47

disk-autoscaler's Issues

Bump to latest Go

Need to bump up to the latest Go for some vulns that are getting flagged in CI. It'd be best if we can avoid pinning to a specific patch release in go.mod so we're always building with the latest.

Fix issues reported by golangci-lint

Golangci-lint currently reports the following:

cmd/diskautoscaler/main.go:85:18: Error return value of `viper.BindPFlags` is not checked (errcheck)
        viper.BindPFlags(pflag.CommandLine)
                        ^
cmd/diskautoscaler/main.go:89:18: Error return value of `viper.BindPFlags` is not checked (errcheck)
        viper.BindPFlags(pflag.CommandLine)
                        ^
pkg/diskscaler/service.go:123:2: ineffectual assignment to status (ineffassign)
        status := RunStatus{}
        ^
pkg/pvsizingrecommendation/query.go:7:2: SA1019: "io/ioutil" has been deprecated since Go 1.19: As of Go 1.16, the same functionality is now provided by package [io] or package [os], and those implementations should be preferred in new code. See the specific function documentation for details. (staticcheck)
        "io/ioutil"

Code should be up to modern standards and pass all basic linting tests.

Problem Statement

Users would like to see the action DAS will take to ensure it will work according to expectations and also to ensure the risks are known.

Solution Description

Enable an audit mode in DAS so users can see, perhaps via log messages, the actions DAS would take without having it actually perform any changes.

Alternatives

No response

Additional Context

No response

Troubleshooting

I have searched other issues in this repository and mine is not recorded.

Least-privilege RBAC

Reduce the RBAC privileges to the lowest level following standard least-privilege best practices.

Refactor Justfile to use build recipe using ko

Need to refactor the Justfile so it builds using ko rather than docker.

CI process for builds

Need to establish a CI pipeline for builds and releases. ko can be used as an alternative to Docker which is slimmer and uses a minimal base image similar to build packs.

Ex.:

KO_DOCKER_REPO=ko.local ko build ./cmd/diskautoscaler/ --preserve-import-paths --tags=latest --platform=linux/amd64

[Feature] Enable the intermediary Pod data mover to be configurable

Problem Statement

The intermediary Pod responsible for the copy operation in case of scale downs is not currently configurable. Many users will need to configure this Pod according to their needs so it passes security guidelines.

Solution Description

Allow the intermediary Pod copier to be configured in the most common ways including, but not limited to,:

image
name
metadata

Alternatives

No response

Additional Context

No response

Troubleshooting

I have searched other issues in this repository and mine is not recorded.

Better defaults for intermediary Pod data mover

Need to beef up the security posture of the internal Pod data mover so it has things like:

No use of ubuntu:latest
Passes the Pod Security Standards restricted profile
Contains basic and standard metadata
- Standard labels are needed

Define resource requests

DAS needs resource requests defined for its Pod to meet common practice guidelines.

Bump to Go 1.22.3

Need to bump to Go 1.22.3 to address some CVEs.

Log build info at init

DAS needs to log common information upon init including git hash and version at the default log level. This will aid in future troubleshooting based on user-provided logs so we know what version of the image was used.

[Feature] Restrict Pod create and `/exec` permissions

Problem Statement

RBAC permissions are still unnecessarily wide today in that pods and pod/exec are granted too broadly. This isn't necessary as the only Pod which needs to be created and exec'd into is the datamover Pod.

Solution Description

Reduce RBAC permissions for Pod creation and /exec subresource to only the datamover Pod.

Alternatives

No response

Additional Context

No response

Troubleshooting

I have searched other issues in this repository and mine is not recorded.

[Bug] Missing license

Kubernetes Version

Description

Repository has no license information

Steps to reproduce

Expected behavior

Screenshots

No response

Logs

No response

Troubleshooting

I have searched other issues in this repository and mine is not recorded.

[Feature] Support Helm deployment

Problem Statement

Users who need customization would like to use Helm to deploy DAS.

Solution Description

Support deployment via a Helm chart.

Alternatives

No response

Additional Context

No response

Troubleshooting

I have searched other issues in this repository and mine is not recorded.

kubecost / disk-autoscaler Goto Github PK

disk-autoscaler's People

Contributors

Stargazers

Watchers

Forkers

disk-autoscaler's Issues

Problem Statement

Solution Description

Alternatives

Additional Context

Troubleshooting

Problem Statement

Solution Description

Alternatives

Additional Context

Troubleshooting

Problem Statement

Solution Description

Alternatives

Additional Context

Troubleshooting

Kubernetes Version

Description

Steps to reproduce

Expected behavior

Screenshots

Logs

Troubleshooting

Problem Statement

Solution Description

Alternatives

Additional Context

Troubleshooting

Recommend Projects

Recommend Topics

Recommend Org

Jobs