Skip to main content
The Actuator component receives events from Control Plane and uses the metadata provided in the events to instantiate the desired configuration on the kubernetes cluster. This can be Kubernetes deployments, domain routing configuration, storage devices, etc.

Settings

These environment variables can be added into configuration for the actuator to adjust the behavior of the CPLN Platform. To adjustment these settings, make changes to the CPLN Platform Add-on configuration or manually adjust the cpln-byok-current configmap if you are running your own Kubernetes.

INGRESS_REQ_CPU

  • The initial cpu request size used for shared and dedicated load balancer ingress deployments.

INGRESS_REQ_MEM

  • The initial memory request size used for shared and dedicated load balancer ingress deployments.

INGRESS_TARGET_CPU_PERCENT

  • The target cpu percent used by the horizontal pod autoscalers for shared and dedicated load balancer ingress deployments. This should be calculated with awareness that the cpu value used is 4000 millicores but may be less if small nodes are used. For example, if the request size is set to 1000m and you desire a target to be 3000m, then set this value to 300.

INGRESS_FIREWALL_CIDR_LIST

  • A comma delimited list of CIDRs used to restrict inbound access for shared and dedicated load balancers.

INGRESS_LOAD_BALANCER_SCHEME

  • One of internet-facing or internal. When internal is used then you must be on a private network to access the workloads running in this location. Automated detection of geo-routing is limited in this configuration since the external monitoring will not be able to reach the endpoints.

INGRESS_ANNOTATIONS

  • Annotations to be used instead of standard generated ones for the load balancer service for shared and dedicated load balancer ingress deployments. This can be useful if your cloud provider load balancer controller is not already supported by Control Plane and requires a specific annotation.

INGRESS_EXTRA_ANNOTATIONS

  • Extra annotations to be added to the load balancer service for shared and dedicated load balancers. This is useful if a specific annotation should be used in your environment for all load balancers. This is applied after the standard load balancer annotations and can be used to replace existing values. Pass through annotations are applied after this can be used to make additional adjustments to specific dedicated load balancers.

INGRESS_PORTS

  • An array of ports used to limit the custom ports that are added to dedicated load balancers.

BYOK_K8S_API_WORKLOADS

  • An array of workload links which are allowed to access the kubernetes api.
  • The ClusterRole the workloads are given should be specified with the tag cpln/k8sClusterRole on the workload.
Ensure the ClusterRole already exists

THIN_PROVISION

  • Percent of CPU that is guaranteed for workloads.

How to Configure Thin Provisioning

To configure thin provisioning, you need to modify the cpln-byok-current ConfigMap in the kube-system namespace. This ConfigMap contains the actuator settings where you can specify the THIN_PROVISION environment variable.

Steps to Configure

  1. Modify the cpln-byok-current configmap in the kube-system namespace.
  2. In the actuator settings, add an environment variable named THIN_PROVISION.
This variable should have a value representing the percentage of resources that will be guaranteed. For example, if you want to reserve 800m when 1000m is requested, set THIN_PROVISION to .8. Example Configuration: Here is an example of how the configuration should look: 

   {
     "actuator": {
       "env": {
         "CACHE_PERIOD_DATA_SERVICE": "600",
         "LABEL_NODES": "false",
         "THIN_PROVISION": ".8"
       }
     }
   }

LABEL_NODES

Controls whether the actuator automatically manages node labels and workload node selectors to enable isolation between core platform components and user workloads across multiple nodepools.
  • Core Nodes - infrastructure components: ingress gateways, service mesh, monitoring, cloud integration, etc
  • Workload Nodes - used for workloads and minimal supporting infrastructure for workloads

How LABEL_NODES Works

When LABEL_NODES is set to true, the actuator implements the following behavior:
  1. Node Labeling: The actuator automatically labels all nodes with cpln.io/nodeType:
    • If a node has a taint cpln.io/nodeType with a specific value, the node receives that value as its label
    • If a node does not have the cpln.io/nodeType taint, it receives the label cpln.io/nodeType=core
  2. Workload Node Selection: The actuator adds a node selector cpln.io/nodeType=workload to all user workloads
  3. Taint Toleration: All user workloads automatically tolerate the taint cpln.io/nodeType=workload

Configuring Multi-Nodepool Isolation

To run the CPLN Platform with separate nodepools for core components and user workloads:
  1. Enable LABEL_NODES: Set the LABEL_NODES environment variable to true in the actuator settings
  2. Configure Workload Nodepools: Add a taint to all nodes in your workload nodepools: 
    cpln.io/nodeType=workload:NoSchedule
  3. Configure Core Nodepools: Leave core component nodepools without any taints since the workloads running there will not tolerate any taints. It’s ok to provide the label cpln.io/nodeType=core

How Isolation Works

With this configuration:
  • User workloads will only run on workload nodes because:
    • They have a node selector requiring cpln.io/nodeType=workload
    • They tolerate the cpln.io/nodeType=workload:NoSchedule taint
  • Core platform components will only run on core nodes because:
    • They do not tolerate the cpln.io/nodeType=workload:NoSchedule taint on workload nodes

Example Isolated Node Pool Configuration

Enable LABEL_NODES in actuator: 
{
  "actuator": {
    "env": {
      "LABEL_NODES": "true"
    }
  }
}
In your Kubernetes or Managed Kubernetes (MK8s) nodepool configuration, add the appropriate taints: Workload Nodepool(s): 
taints:
  - key: cpln.io/nodeType
    value: workload
    effect: NoSchedule
Core Nodepool(s): 
# Must not have any taints
labels:
  cpln.io/nodeType: core