Merge pull request #33 from spacelift-io/add-autoscaling-2

feat: autoscaling

Author: TheOutdoorProgrammer

.gitignore

@@ -30,3 +30,8 @@ override.tf.json
 
 .terraform.lock.hcl
 local.tfvars
+
+# Autoscaler downloaded/generated files
+01*
+ec2-workerpool-autoscaler_*.zip
+autoscaler-function.zip

autoscaler.tf

@@ -0,0 +1,14 @@
+module "autoscaler" {
+  count  = local.autoscaling_enabled ? 1 : 0
+  source = "./autoscaler"
+
+  autoscaling_configuration = var.autoscaling_configuration
+  base_name                 = local.namespace
+  key_vault_id              = var.autoscaling_configuration.key_vault_id
+  resource_group            = var.resource_group
+  spacelift_api_credentials = var.spacelift_api_credentials
+  subnet_id                 = var.subnet_id
+  tags                      = var.tags
+  vmss_resource_id          = azurerm_linux_virtual_machine_scale_set.this.id
+  worker_pool_id            = var.worker_pool_id
+}

autoscaler/autoscaler.tf

@@ -0,0 +1,189 @@
+locals {
+  download_folder = var.worker_pool_id
+  architecture    = coalesce(var.autoscaling_configuration.architecture, "amd64")
+
+  # TODO:// might need to rename this after repo name changes
+  autoscaler_zip     = "${local.download_folder}/ec2-workerpool-autoscaler_azurefunc_linux_${local.architecture}.zip"
+  autoscaler_version = coalesce(var.autoscaling_configuration.version, "latest")
+  function_name      = "${var.base_name}-vmss-autoscaler"
+
+  function_package_dir  = "${path.module}/function_package"
+  generated_package_zip = "${local.download_folder}/autoscaler-function.zip"
+}
+
+# Download the autoscaler binary from GitHub releases
+resource "null_resource" "download" {
+  triggers = {
+    # Always re-download if version is "latest" or if the file doesn't exist
+    keeper = (
+      local.autoscaler_version == "latest" || !fileexists(local.autoscaler_zip)
+      ? timestamp()
+      : local.autoscaler_version
+    )
+  }
+
+  provisioner "local-exec" {
+    command = "${path.module}/download.sh ${local.autoscaler_version} ${local.architecture} ${local.download_folder}"
+  }
+}
+
+resource "null_resource" "package" {
+  depends_on = [null_resource.download]
+
+  triggers = {
+    download_trigger = null_resource.download.id
+    script_hash      = filesha256("${local.function_package_dir}/package.sh")
+    host_json_hash   = filesha256("${local.function_package_dir}/host.json")
+    function_hash    = filesha256("${local.function_package_dir}/AutoscalerTimer/function.json")
+  }
+
+  provisioner "local-exec" {
+    command = "${local.function_package_dir}/package.sh ${local.autoscaler_zip} ${local.generated_package_zip}"
+  }
+}
+
+data "local_file" "function_package" {
+  depends_on = [null_resource.package]
+  filename   = local.generated_package_zip
+}
+
+# Storage account for the Function App
+resource "azurerm_storage_account" "autoscaler" {
+  name                     = lower(substr(replace("${var.base_name}auto", "-", ""), 0, 24))
+  resource_group_name      = var.resource_group.name
+  location                 = var.resource_group.location
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+
+  tags = merge(var.tags, {
+    WorkerPoolID = var.worker_pool_id
+    Component    = "Autoscaler"
+  })
+}
+
+# Upload the function package to blob storage
+resource "azurerm_storage_container" "autoscaler" {
+  name                  = "function-releases"
+  storage_account_id    = azurerm_storage_account.autoscaler.id
+  container_access_type = "private"
+}
+
+resource "azurerm_storage_blob" "autoscaler" {
+  name                   = "autoscaler-function-${data.local_file.function_package.content_base64sha256}.zip"
+  storage_account_name   = azurerm_storage_account.autoscaler.name
+  storage_container_name = azurerm_storage_container.autoscaler.name
+  type                   = "Block"
+  source                 = local.generated_package_zip
+
+  depends_on = [null_resource.package]
+}
+
+# Grant the Function App's managed identity read access to the blob storage
+# This allows WEBSITE_RUN_FROM_PACKAGE to work without a SAS token
+resource "azurerm_role_assignment" "autoscaler_blob_reader" {
+  scope                = azurerm_storage_account.autoscaler.id
+  role_definition_name = "Storage Blob Data Reader"
+  principal_id         = azurerm_linux_function_app.autoscaler.identity[0].principal_id
+}
+
+# App Service Plan for the Function App
+resource "azurerm_service_plan" "autoscaler" {
+  name                = "${var.base_name}-autoscaler-plan"
+  resource_group_name = var.resource_group.name
+  location            = var.resource_group.location
+  os_type             = "Linux"
+  sku_name            = "S1"
+
+  tags = merge(var.tags, {
+    WorkerPoolID = var.worker_pool_id
+    Component    = "Autoscaler"
+  })
+}
+
+# Linux Function App for autoscaling using custom handler
+resource "azurerm_linux_function_app" "autoscaler" {
+  name                = local.function_name
+  resource_group_name = var.resource_group.name
+  location            = var.resource_group.location
+
+  storage_account_name       = azurerm_storage_account.autoscaler.name
+  storage_account_access_key = azurerm_storage_account.autoscaler.primary_access_key
+  service_plan_id            = azurerm_service_plan.autoscaler.id
+
+  # Enable system-assigned managed identity for Azure resource access
+  identity {
+    type = "SystemAssigned"
+  }
+
+  site_config {
+    application_stack {
+      use_custom_runtime = true
+    }
+
+    application_insights_connection_string = azurerm_application_insights.autoscaler.connection_string
+    application_insights_key               = azurerm_application_insights.autoscaler.instrumentation_key
+
+    cors {
+      allowed_origins = ["https://portal.azure.com"]
+    }
+  }
+
+  app_settings = {
+    FUNCTIONS_WORKER_RUNTIME                     = "custom"
+    WEBSITE_RUN_FROM_PACKAGE                     = azurerm_storage_blob.autoscaler.url
+    WEBSITE_RUN_FROM_PACKAGE_BLOB_MI_RESOURCE_ID = ""
+    AzureWebJobsDisableHomepage                  = "true"
+    WEBSITE_ENABLE_SYNC_UPDATE_SITE              = "true"
+    WEBSITE_MAX_DYNAMIC_APPLICATION_SCALE_OUT    = "1"
+
+    # Timer trigger schedule (cron format for Azure Functions)
+    SCHEDULE_EXPRESSION = coalesce(var.autoscaling_configuration.schedule_expression, "0 * * * * *")
+
+    # Spacelift API configuration
+    SPACELIFT_API_KEY_ID          = var.spacelift_api_credentials.api_key_id
+    SPACELIFT_API_KEY_ENDPOINT    = var.spacelift_api_credentials.api_key_endpoint
+    SPACELIFT_API_KEY_SECRET_NAME = azurerm_key_vault_secret.spacelift_api_key.name
+    SPACELIFT_WORKER_POOL_ID      = var.worker_pool_id
+
+    # Azure Key Vault configuration
+    AZURE_KEY_VAULT_NAME = var.key_vault_id != null ? split("/", var.key_vault_id)[8] : azurerm_key_vault.autoscaler[0].name
+    AZURE_SECRET_NAME    = azurerm_key_vault_secret.spacelift_api_key.name
+
+    # Azure VMSS configuration
+    AUTOSCALING_GROUP_ARN = var.vmss_resource_id
+    AUTOSCALING_REGION    = var.resource_group.location
+
+    # Autoscaling limits
+    AUTOSCALING_MAX_CREATE       = var.autoscaling_configuration.max_create != null ? var.autoscaling_configuration.max_create : 1
+    AUTOSCALING_MAX_KILL         = var.autoscaling_configuration.max_terminate != null ? var.autoscaling_configuration.max_terminate : 1
+    AUTOSCALING_SCALE_DOWN_DELAY = var.autoscaling_configuration.scale_down_delay != null ? var.autoscaling_configuration.scale_down_delay : 0
+
+    AZURE_AUTOSCALING_MIN_SIZE = coalesce(try(var.autoscaling_configuration.scale.min, null), -1)
+    AZURE_AUTOSCALING_MAX_SIZE = coalesce(try(var.autoscaling_configuration.scale.max, null), 5)
+  }
+
+  tags = merge(var.tags, {
+    WorkerPoolID = var.worker_pool_id
+    Component    = "Autoscaler"
+  })
+
+  lifecycle {
+    # Ignore changes to zip_deploy_file to prevent constant redeployment
+    ignore_changes = [
+      zip_deploy_file
+    ]
+  }
+}
+
+# Application Insights for monitoring the Function App
+resource "azurerm_application_insights" "autoscaler" {
+  name                = "${var.base_name}-autoscaler-insights"
+  resource_group_name = var.resource_group.name
+  location            = var.resource_group.location
+  application_type    = "other"
+
+  tags = merge(var.tags, {
+    WorkerPoolID = var.worker_pool_id
+    Component    = "Autoscaler"
+  })
+}

autoscaler/download.sh

@@ -0,0 +1,45 @@
+#!/usr/bin/env sh
+set -e
+
+code_version=$1
+code_architecture=$2
+downloadFolder=$3
+
+# TODO:// might need to rename this after repo name changes
+zip_name="ec2-workerpool-autoscaler_azurefunc_linux_${code_architecture}.zip"
+
+if [ "$code_version" != "latest" ]; then
+  # TODO:// might need to rename this after repo name changes
+  download_url="https://github.com/spacelift-io/ec2-workerpool-autoscaler/releases/download/${code_version}/${zip_name}"
+else
+  tmpfile=$(mktemp /tmp/spacelift-request-headers.XXXXXX)
+  if [ -n "${GITHUB_TOKEN}" ]; then
+    # TODO:// might need to rename this after repo name changes
+    request=$(curl -D "$tmpfile" -X GET --header "Authorization: Bearer ${GITHUB_TOKEN}" -sS "https://api.github.com/repos/spacelift-io/ec2-workerpool-autoscaler/releases/latest")
+  else
+    # TODO:// might need to rename this after repo name changes
+    request=$(curl -D "$tmpfile" -X GET -sS "https://api.github.com/repos/spacelift-io/ec2-workerpool-autoscaler/releases/latest")
+  fi
+  ratelimit=$(cat "$tmpfile" | grep x-ratelimit-remaining | awk '{print $2}' | tr -d '\012\015')
+  rm "$tmpfile"
+  if [ "$ratelimit" = "0" ]; then
+    echo "Github API rate limit exceeded, cannot find latest version. Please try again later or version pin the module."
+    exit 1
+  else
+    echo "Github API rate limit remaining: '$ratelimit'"
+
+    release=$(printf '%s' "$request" | jq -r --arg ZIP "$zip_name" '.assets[] | select(.name==$ZIP)')
+
+    release_date=$(echo "$release" | jq -r '.created_at')
+    download_url=$(echo "$release" | jq -r '.browser_download_url')
+
+    echo "Downloading Details:"
+    echo "  Release Name: $code_version"
+    echo "  Release Date: $release_date"
+    echo "  Download URL: $download_url"
+  fi
+fi
+
+mkdir -p "$downloadFolder"
+cd "$downloadFolder"
+curl -L -O "$download_url"

autoscaler/function_package/AutoscalerTimer/function.json

@@ -0,0 +1,11 @@
+{
+  "bindings": [
+    {
+      "name": "Timer",
+      "type": "timerTrigger",
+      "direction": "in",
+      "schedule": "%SCHEDULE_EXPRESSION%",
+      "useMonitor": true
+    }
+  ]
+}

autoscaler/function_package/host.json

@@ -0,0 +1,30 @@
+{
+  "version": "2.0",
+  "extensionBundle": {
+    "id": "Microsoft.Azure.Functions.ExtensionBundle",
+    "version": "[4.*, 5.0.0)"
+  },
+  "logging": {
+    "logLevel": {
+      "default": "Information",
+      "Host.Results": "Information",
+      "Function": "Information",
+      "Host.Aggregator": "Information"
+    },
+    "applicationInsights": {
+      "samplingSettings": {
+        "isEnabled": true,
+        "maxTelemetryItemsPerSecond": 5
+      }
+    }
+  },
+  "customHandler": {
+    "description": {
+      "defaultExecutablePath": "bootstrap",
+      "workingDirectory": "",
+      "arguments": []
+    },
+    "enableForwardingHttpRequest": false
+  },
+  "functionTimeout": "00:05:00"
+}

autoscaler/function_package/package.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+set -e
+
+unset CDPATH
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)"
+
+AUTOSCALER_ZIP_PATH="$1"
+OUTPUT_ZIP="$2"
+
+if [ -z "$AUTOSCALER_ZIP_PATH" ] || [ -z "$OUTPUT_ZIP" ]; then
+  echo "Usage: $0 <autoscaler-zip-path> <output-zip-path>"
+  exit 1
+fi
+
+# Convert relative paths to absolute
+if [[ "$AUTOSCALER_ZIP_PATH" != /* ]]; then
+  AUTOSCALER_ZIP_PATH="$PWD/$AUTOSCALER_ZIP_PATH"
+fi
+if [[ "$OUTPUT_ZIP" != /* ]]; then
+  OUTPUT_ZIP="$PWD/$OUTPUT_ZIP"
+fi
+
+OUTPUT_DIR="$(dirname "$OUTPUT_ZIP")"
+mkdir -p "$OUTPUT_DIR"
+
+PACKAGE_DIR="$(mktemp -d)"
+trap "rm -rf \"$PACKAGE_DIR\"" EXIT
+
+echo "Packaging Azure Function autoscaler..."
+
+mkdir -p "${PACKAGE_DIR}/AutoscalerTimer"
+
+if [ ! -f "$AUTOSCALER_ZIP_PATH" ]; then
+  echo "Error: autoscaler zip not found at $AUTOSCALER_ZIP_PATH"
+  exit 1
+fi
+
+echo "Extracting autoscaler binary..."
+unzip -o -q "$AUTOSCALER_ZIP_PATH" -d "$PACKAGE_DIR"
+
+if [ -f "${PACKAGE_DIR}/bootstrap" ]; then
+  chmod +x "${PACKAGE_DIR}/bootstrap"
+elif [ -f "${PACKAGE_DIR}/azure-vmss-workerpool-autoscaler" ]; then
+  mv "${PACKAGE_DIR}/azure-vmss-workerpool-autoscaler" "${PACKAGE_DIR}/bootstrap"
+  chmod +x "${PACKAGE_DIR}/bootstrap"
+else
+  echo "Error: No bootstrap or azure-vmss-workerpool-autoscaler binary found in zip"
+  ls -la "$PACKAGE_DIR"
+  exit 1
+fi
+
+echo "Copying function configuration..."
+cp "$SCRIPT_DIR/host.json" "$PACKAGE_DIR/host.json"
+cp "$SCRIPT_DIR/AutoscalerTimer/function.json" "$PACKAGE_DIR/AutoscalerTimer/function.json"
+
+echo "Creating deployment package..."
+cd "${PACKAGE_DIR}"
+zip -r -q "$OUTPUT_ZIP" ./*
+
+echo "Package created successfully at $OUTPUT_ZIP"
+echo "Package size: $(du -h "$OUTPUT_ZIP" | cut -f1)"