Added HPA in helm templates, EKS metric-server for HPA, and sync policy for helm

MarwanTamerMo · MarwanTamerMo · commit 54f0d5ce207e · 2025-08-27T13:12:11.000+03:00
diff --git a/Terraform/3-main.tf b/Terraform/3-main.tf
@@ -1,19 +1,27 @@
 module "vpc" {
-  source                = "./modules/vpc"
-  
-  vpc_cidr              = var.vpc_cidr
-  availability_zones    = var.availability_zones
-  public_subnet_cidrs   = var.public_subnet_cidrs
-  private_subnet_cidrs  = var.private_subnet_cidrs
-  cluster_name          = var.cluster_name
+  source = "./modules/vpc"
+
+  vpc_cidr             = var.vpc_cidr
+  availability_zones   = var.availability_zones
+  public_subnet_cidrs  = var.public_subnet_cidrs
+  private_subnet_cidrs = var.private_subnet_cidrs
+  cluster_name         = var.cluster_name
 }
 
 module "eks" {
-  source                = "./modules/eks"
-  
-  cluster_name          = var.cluster_name
-  cluster_version       = var.cluster_version
-  vpc_id                = module.vpc.vpc_id
-  subnet_ids            = module.vpc.private_subnet_ids
-  node_groups           = var.node_groups
+  source = "./modules/eks"
+
+  cluster_name    = var.cluster_name
+  cluster_version = var.cluster_version
+  vpc_id          = module.vpc.vpc_id
+  subnet_ids      = module.vpc.private_subnet_ids
+  node_groups     = var.node_groups
+}
+
+# EKS Addon: metrics-server (enables HPA CPU/memory metrics)
+resource "aws_eks_addon" "metrics_server" {
+  cluster_name      = module.eks.cluster_name
+  addon_name        = "metrics-server"
+  addon_version     = null
+  resolve_conflicts = "OVERWRITE"
 }
diff --git a/argocd/application.yml b/argocd/application.yml
@@ -6,19 +6,26 @@ metadata:
 spec:
   project: default
   source:
-    repoURL: 'https://github.com/KarimZakzouk/Graduation-Project-Devops'
+    repoURL: "https://github.com/KarimZakzouk/Graduation-Project-Devops"
     targetRevision: main
     path: helm
     helm:
       valueFiles:
         - values.yaml
+      parameters:
+        - name: namespace
+          value: ${APP_NAMESPACE}
   destination:
     server: https://kubernetes.default.svc
     namespace: ${APP_NAMESPACE}
   syncPolicy:
     automated:
       prune: true
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=foreground
+      - ApplyOutOfSyncOnly=true
 
   ignoreDifferences:
     - group: ""
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -3,7 +3,9 @@ kind: Deployment
 metadata:
   name: {{ .Release.Name }}
 spec:
+  {{- if not .Values.autoscaling.enabled }}
   replicas: {{ .Values.replicaCount }}
+  {{- end }}
   selector:
     matchLabels:
       app: {{ .Release.Name }}
@@ -12,12 +14,21 @@ spec:
       labels:
         app: {{ .Release.Name }}
     spec:
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       containers:
         - name: {{ .Release.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - containerPort: {{ .Values.service.targetPort }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: true
           env:
             - name: MONGO_URI
               valueFrom:
diff --git a/helm/templates/hpa.yaml b/helm/templates/hpa.yaml
@@ -0,0 +1,30 @@
+apiVersion: autoscaling/v2
+
+kind: HorizontalPodAutoscaler
+
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ .Release.Name }}
+
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -11,4 +11,19 @@ service:
   port: 80
   targetPort: 3000
 
-namespace: "" 
+namespace: ""
+
+resources:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+  limits:
+    cpu: 500m
+    memory: 512Mi
+
+autoscaling:
+  enabled: true
+  minReplicas: 1
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 80
+  targetMemoryUtilizationPercentage: 80
