Merge pull request #1617 from porter-dev/ym/temporal_autoscaler_triggers

yosefmih · web-flow · commit 161a865f44ec · 2025-10-09T15:22:35.000-07:00
Allow flexible custom autoscaling templating for Porter Apps to support Temporal autoscaling
diff --git a/applications/web/templates/scaled-object.yaml b/applications/web/templates/scaled-object.yaml
@@ -34,19 +34,31 @@ spec:
           - type: {{ .Values.keda.hpa.scaleDown.policy.type }}
             value: {{ .Values.keda.hpa.scaleDown.policy.value }}
             periodSeconds: {{ .Values.keda.hpa.scaleDown.policy.periodSeconds }}
-  {{- if .Values.keda.trigger }}
+  {{- if or (and .Values.keda.trigger .Values.keda.trigger.metricName) .Values.keda.porterTriggers .Values.keda.triggers }}
   triggers:
+  {{- if and .Values.keda.trigger .Values.keda.trigger.metricName }}
     - type: prometheus
-      metricType: {{ .Values.keda.trigger.metricType }}
+      metricType: {{ .Values.keda.trigger.metricType | default "AverageValue" }}
       metadata:
         serverAddress: http://prometheus-server.monitoring.svc.cluster.local:80
         metricName: {{ .Values.keda.trigger.metricName }}
         query: {{ .Values.keda.trigger.metricQuery }}
         threshold: '{{ .Values.keda.trigger.metricThreshold }}'
         ignoreNullValues: {{ .Values.keda.trigger.ignoreNullValues | default "true" | quote }}
   {{- end }}
-  {{- if .Values.keda.triggers }}
-  triggers:
-  {{- toYaml .Values.keda.triggers | nindent 4 }}
+  {{- range .Values.keda.porterTriggers }}
+    {{/* Porter-managed triggers: prefix authenticationRef.name with release name */}}
+    {{- $authRef := .authenticationRef }}
+    {{- $triggerCopy := omit . "authenticationRef" }}
+    - {{- toYaml $triggerCopy | nindent 6 }}
+      {{- if $authRef }}
+      authenticationRef:
+        name: {{ $fullName }}-{{ $authRef.name }}
+      {{- end }}
+  {{- end }}
+  {{- range .Values.keda.triggers }}
+    {{/* Raw KEDA triggers: pass through as-is */}}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   {{- end }}
 {{- end }}
diff --git a/applications/web/templates/trigger-authentication.yaml b/applications/web/templates/trigger-authentication.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.keda.enabled .Values.keda.authentications -}}
+{{- $fullName := include "docker-template.fullname" . -}}
+{{- range $authName, $authConfig := .Values.keda.authentications }}
+---
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+  name: {{ $fullName }}-{{ $authName }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  {{- if $authConfig.apiKey }}
+  secretTargetRef:
+    - parameter: apiKey
+      name: {{ $authConfig.apiKey.secretName }}
+      key: {{ $authConfig.apiKey.secretKey }}
+  {{- end }}
+  {{- if $authConfig.secretRefs }}
+  secretTargetRef:
+  {{- range $authConfig.secretRefs }}
+    - parameter: {{ .parameter }}
+      name: {{ .secretName }}
+      key: {{ .secretKey }}
+  {{- end }}
+  {{- end }}
+{{- end }}
+{{- end }}
diff --git a/applications/web/values.yaml b/applications/web/values.yaml
@@ -174,7 +174,44 @@ keda:
     metricType: AverageValue
     metricQuery: ""
     metricThreshold: ""
+  porterTriggers: []
+    # Example: Porter-managed triggers (authenticationRef.name gets prefixed with release name)
+    # - type: temporal
+    #   authenticationRef:
+    #     name: temporal-570667b8-f40c-4b84-a36d-7e805849a361
+    #   metadata:
+    #     endpoint: temporal.example.com:7233
+    #     namespace: default
+    #     taskQueue: my-workflow-queue
+    #     targetQueueSize: "5"
   triggers: []
+    # Example: Raw KEDA triggers (passed through as-is)
+    # - type: temporal
+    #   authenticationRef:
+    #     name: temporal-auth
+    #   metadata:
+    #     endpoint: temporal-frontend.temporal.svc.cluster.local:7233
+    #     namespace: default
+    #     taskQueue: my-workflow-queue
+    #     targetQueueSize: "5"
+
+  # Named authentication configurations that can be referenced by triggers
+  authentications: {}
+    # Example for Temporal Cloud API key:
+    # temporal-auth:
+    #   apiKey:
+    #     secretName: temporal-secret
+    #     secretKey: api-key
+    #
+    # Example for custom secret refs:
+    # custom-auth:
+    #   secretRefs:
+    #     - parameter: username
+    #       secretName: my-secret
+    #       secretKey: username
+    #     - parameter: password
+    #       secretName: my-secret
+    #       secretKey: password
 
 health:
   livenessProbe:
diff --git a/applications/worker/templates/scaled-object.yaml b/applications/worker/templates/scaled-object.yaml
@@ -34,20 +34,31 @@ spec:
           - type: {{ or .Values.keda.hpa.scaleDown.policy.type "Percent" }}
             value: {{ .Values.keda.hpa.scaleDown.policy.value }}
             periodSeconds: {{ .Values.keda.hpa.scaleDown.policy.periodSeconds }}
-  {{- if .Values.keda.trigger }}
+  {{- if or (and .Values.keda.trigger .Values.keda.trigger.metricName) .Values.keda.porterTriggers .Values.keda.triggers }}
   triggers:
+  {{- if and .Values.keda.trigger .Values.keda.trigger.metricName }}
     - type: prometheus
       metricType: {{ .Values.keda.trigger.metricType | default "AverageValue" }}
       metadata:
-        # Required fields:
         serverAddress: http://prometheus-server.monitoring.svc.cluster.local:80
         metricName: {{ .Values.keda.trigger.metricName }}
         query: {{ .Values.keda.trigger.metricQuery }}
         threshold: '{{ .Values.keda.trigger.metricThreshold }}'
         ignoreNullValues: {{ .Values.keda.trigger.ignoreNullValues | default "true" | quote }}
   {{- end }}
-  {{- if .Values.keda.triggers }}
-  triggers:
-  {{- toYaml .Values.keda.triggers | nindent 4 }}
+  {{- range .Values.keda.porterTriggers }}
+    {{/* Porter-managed triggers: prefix authenticationRef.name with release name */}}
+    {{- $authRef := .authenticationRef }}
+    {{- $triggerCopy := omit . "authenticationRef" }}
+    - {{- toYaml $triggerCopy | nindent 6 }}
+      {{- if $authRef }}
+      authenticationRef:
+        name: {{ $fullName }}-{{ $authRef.name }}
+      {{- end }}
+  {{- end }}
+  {{- range .Values.keda.triggers }}
+    {{/* Raw KEDA triggers: pass through as-is */}}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   {{- end }}
 {{- end }}
diff --git a/applications/worker/templates/trigger-authentication.yaml b/applications/worker/templates/trigger-authentication.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.keda.enabled .Values.keda.authentications -}}
+{{- $fullName := include "docker-template.fullname" . -}}
+{{- range $authName, $authConfig := .Values.keda.authentications }}
+---
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+  name: {{ $fullName }}-{{ $authName }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  {{- if $authConfig.apiKey }}
+  secretTargetRef:
+    - parameter: apiKey
+      name: {{ $authConfig.apiKey.secretName }}
+      key: {{ $authConfig.apiKey.secretKey }}
+  {{- end }}
+  {{- if $authConfig.secretRefs }}
+  secretTargetRef:
+  {{- range $authConfig.secretRefs }}
+    - parameter: {{ .parameter }}
+      name: {{ .secretName }}
+      key: {{ .secretKey }}
+  {{- end }}
+  {{- end }}
+{{- end }}
+{{- end }}
diff --git a/applications/worker/values.yaml b/applications/worker/values.yaml
@@ -103,7 +103,65 @@ keda:
     metricName: ""
     metricQuery: ""
     metricThreshold: ""
+  
+  # Porter-managed triggers: Porter will create TriggerAuthentication resources with the 
+  # release name prefix (e.g., {release-name}-temporal-auth) to avoid ownership conflicts.
+  # Use this for triggers configured through the Porter app create flow.
+  porterTriggers: []
+    # Example Temporal trigger with authentication:
+    # - type: temporal
+    #   authenticationRef:
+    #     name: temporal-auth  # Will become {release-name}-temporal-auth
+    #   metadata:
+    #     endpoint: temporal-frontend.temporal.svc.cluster.local:7233
+    #     namespace: default
+    #     taskQueue: my-workflow-queue
+    #     targetQueueSize: "5"
+    #     queueTypes: workflow,activity
+    #
+    # Example Prometheus trigger:
+    # - type: prometheus
+    #   authenticationRef:
+    #     name: prom-auth  # Will become {release-name}-prom-auth
+    #   metadata:
+    #     serverAddress: http://prometheus-server.monitoring.svc.cluster.local
+    #     metricName: http_requests_total
+    #     threshold: '100'
+    #     query: sum(rate(http_requests_total[2m]))
+
+  # Raw KEDA triggers: These are passed through as-is without any modifications.
+  # Use this when you create and manage TriggerAuthentication resources yourself via helm overrides.
+  # The authenticationRef.name must exactly match your pre-created TriggerAuthentication resource.
   triggers: []
+    # Example with user-managed authentication:
+    # - type: temporal
+    #   authenticationRef:
+    #     name: my-custom-temporal-auth  # Must pre-exist, used exactly as specified
+    #   metadata:
+    #     endpoint: temporal-frontend.temporal.svc.cluster.local:7233
+    #     namespace: default
+    #     taskQueue: my-workflow-queue
+    #     targetQueueSize: "5"
+    #     queueTypes: workflow,activity
+
+  # Named authentication configurations that can be referenced by porterTriggers.
+  # Porter will create TriggerAuthentication resources with the release name prefix.
+  authentications: {}
+    # Example for Temporal Cloud API key:
+    # temporal-auth:
+    #   apiKey:
+    #     secretName: temporal-secret
+    #     secretKey: api-key
+    #
+    # Example for custom secret refs:
+    # custom-auth:
+    #   secretRefs:
+    #     - parameter: username
+    #       secretName: my-secret
+    #       secretKey: username
+    #     - parameter: password
+    #       secretName: my-secret
+    #       secretKey: password
 
 health:
   enabled: false
