Autoscaling operator

If you were on an older version of the dakr-operator (formerly called balance) that is now deprecated, please reach out to support@devzero.io to get migrated.

Prerequisites

Install the latest version of the az CLI.

The aws CLI is currently not needed (but it might be needed to access the kubeconfig of the target cluster).

Install the latest version of the aws CLI.

Install the latest version of the gcloud CLI.

Configure IAM

git clone https://github.com/devzero-inc/dakr-operator-installers
cd dakr-operator-installers

Azure AKS

Outputs needed for next steps: ksa_annotation_key_client_id, operator_identity_client_id.

Enable Workload Identity on AKS Cluster

az aks update --name <cluster-name> --resource-group <resource-group> --enable-oidc-issuer --enable-workload-identity

Replace <cluster-name>, <resource-group>. This step is crucial for allowing Kubernetes Service Accounts to be federated with Azure AD identities. This is a non-disruptive operation and will not cause your nodes to restart.

Navigate to Azure Terraform directory

cd terraform/azure

`terraform init`

terraform init

`terraform apply`

terraform apply \
    -var="subscription_id=<subscription-id>" \
    -var="azure_location=<region>" \
    -var="aks_cluster_name=<cluster-name>" \
    -var="aks_cluster_resource_group_name=<resource-group>" \
    -var="operator_namespace=<operator-namespace>"

Replace <subscription-id>, <region>, <cluster-name>, <resource-group>, <operator-namespace>.

The operator_service_account_name defaults to dakr-operator-sa (this should match the name under operator.serviceAccount in helm/dakr/values.yaml).

AWS EKS

Outputs needed for next steps: ksa_annotation_key_aws, operator_iam_role_arn.

`terraform init`

cd terraform/aws
terraform init

`terraform apply`

terraform apply \
    -var="aws_region=<region>" \
    -var="eks_cluster_name=<cluster-name>" \
    -var="operator_namespace=<operator-namespace>"

Replace <region>, <cluster-name>, <operator-namespace>.

The operator_service_account_name defaults to dakr-operator-sa (this should match the name under operator.serviceAccount in helm/dakr/values.yaml).

Ensure your EKS cluster has an OIDC provider enabled; the Terraform script will attempt to create it if not found.

GCP GKE

Outputs needed for next steps: ksa_annotation_key, gcp_service_account_email.

Enable `Workload Identity`

gcloud container clusters update <cluster-name> \
    --location=<location> \
    --workload-pool=<project-id>.svc.id.goog

Replace <cluster-name>, <location>, <project-id>.

Ensure pods can use GKE metadata server

gcloud container node-pools update <nodepool-name> \
    --cluster=<cluster-name> \
    --location=<location> \
    --workload-metadata=GKE_METADATA

Replace <nodepool-name>, <cluster-name>, <location>.

`terraform init`

cd terraform/gcp
terraform init

`terraform apply`

terraform apply \
    -var="gcp_project_id=<project-id>" \
    -var="gcp_region=<region>" \
    -var="gke_cluster_name=<cluster-name>" \
    -var="operator_namespace=<operator-namespace>"

Replace <project-id>, <region>, <cluster-name>, <operator-namespace>.

Deploy `dakr-operator`

In helm/dakr/values.yaml, locate operator.serviceAccount.annotations. Based on the terraform apply, replace the placeholder values.

Ensure the service account name matches (default: dakr-operator-sa).

Deploy the operator:

helm upgrade --install <release-name> ./helm/dakr \
    --namespace <operator-namespace> \
    --create-namespace

<release-name> can be replaced with you desired name. <operator-namespace> must be replaced with a value that matches operator_namespace in terraform apply.

Autoscaling operator

ArgoCD

dz-scheduler

On this page