Sleep Mode & Auto Delete
vCluster Platform provides two powerful features to reduce Kubernetes cost:
- Sleep Mode which puts namespaces to sleep when nobody is using them, i.e. purging all pods while keeping all resources inside the namespaces during periods of inactivity
- Auto-Delete which deletes namespaces that have been idle for a while
Both of these feature typically rely on Loft's inactivity detection.
Working with Sleep Mode
With sleep mode, you can put namespaces to sleep which means that Loft will set replicas: 0 for all replica-controlled resources such as Deployments and StatefulSets inside the namespace. This means that Kubernetes will delete all pods but the entire configuration of resources within the namespace is still there.
Sleep mode can be:
- Invoked manually
- Triggered by an inactivity timeout (no one has ran a
kubectlcommand or accessed an ingress in this namespace for X minutes) - Scheduled using a CRON syntax
Manual + Automatic Sleep / Wake-up
Start Sleep (manual)
- UI
- CLI
In the Projects > NameSpaces view, hover over the row of the namespace that you want to put to sleep
Click on the button to put the namespace to Sleep
Notice how the Status column shows that the namespace is now sleeping.
To put a namespace to sleep using vCluster CLI, run:
vcluster platform sleep namespace [name]
Automatic Sleep Mode (individual namespace)
In the Projects > Namespaces view, hover over the namespace that you want to configure automatic sleep mode for
Click on the Edit button to Edit the namespace
In the drawer that appears on the right, expand the section. This only works for namespaces without a template, if you want to change the sleep mode configuration for a namespace created by a template, please do the changes in the Templates view
Use the Sleep After Inactivity field to specify the time to wait before putting the namespace to sleep if there is no more user activity in this namespace
On the very bottom, click on the button to save the changes
Wake up namespace
- UI
- CLI
In the Projects > Namespaces view, hover over the Status column of the namespace that you want to wake up
While hovering over the row, you will see a tooltip appear that provide information about the sleep state of this namespace
Click on the button to wakeup the namespace
Notice how the Status column shows that the namespace is now running again.
To wake up a sleeping namespace using vCluster CLI, run:
vcluster platform wakeup namespace [name]
Scheduled Sleep / Wake-up
Scheduled Sleep & Wake-Up (individual namespace)
In the Projects > Namespaces view, hover over namespace that you want to configure automatic sleep mode for
Click on the Edit button to Edit the namespace
In the drawer that appears on the right, expand the namespace. This only works for namespaces without a template, if you want to change the sleep mode configuration for a namespace created by a template, please do the changes in the Templates view
Expand the section
Use the Sleep Schedule field and/or the Wake-Up Schedule field to specify the Cronjob Times when the respective namespace should be put to sleep or woken up
On the very bottom, click on the button to save the changes
Working with Auto-Delete
Loft lets you configure an auto-delete for namespaces that have not been used for a certain period of time (inactivity).
Configure Auto-Delete Timeout
In the Projects > Namespaces view, hover over the namespace that you want to configure auto-delete for
Click on the Edit button to Edit the namespace
In the drawer that appears on the right, expand the section. This only works for namespaces without a template, if you want to change the auto delete configuration for a namespace created by a template, please do the changes in the Templates view
Use the Delete After Inactivity field to specify the time to wait before deleting the namespace if there was no more user activity within this namespace
On the very bottom, click on the button to save the changes
Inactivity Detection
All requests that are made through vCluster Platform count as activity in the namespace.
If your kube-context points to Loft's API server as a proxy before the actual connected cluster's API server, every kubectl request will be an activity and reset the inactivity timeout.
Ingress Requests
For ingress-nginx based ingresses, activity detection also works automatically. Other ingress controllers are currently not supported. For nginx based ingresses, Loft will add a special annotation to each ingress that will track activity and reset the timer as soon as a request is made to that ingress.
Advanced Configuration
Exclude Resources From Sleep
Loft allows you to specify resources that should not sleep within a namespace by providing the annotation sleepmode.loft.sh/exclude: 'true' on either a Deployment, StatefulSet, ReplicaSet or Pod. For example the following Deployment would not sleep if the namespace is sleeping:
apiVersion: apps/v1
kind: Deployment
metadata:
name: test
annotations:
sleepmode.loft.sh/exclude: 'true'
spec:
replicas: 2
selector:
matchLabels:
app: test
template:
metadata:
labels:
app: test
spec:
containers:
- name: busybox
image: busybox
command:
- sleep
- '3600'
Long-Living Connections
It's possible that certain requests such as kubectl exec or kubectl port-forward keep an active connection open to the namespace that prevents it from sleeping. This is wanted in most cases since the namespace shouldn't start sleeping when someone is still clearly using it, however there are cases where the connection might be idle (someone left the laptop open, but is not using it anymore) in which you want to terminate such connections and put the namespace to sleep.
There are multiple ways to approach this problem of active connections preventing a namespace from sleeping:
- You can tell loft to timeout idle streaming connections (such as
kubectl exec,kubectl port-forwardetc.) after a certain time period with the annotationloft.sh/streaming-connection-idle-timeout: '3600'on a cluster. With this annotation set, loft will close connections automatically that are idle after the given seconds. By default, Loft will not timeout any connections. This will only apply to new opened connections to that cluster and not affect already running connections. - Tell loft to ignore all active connections for determining namespace activity via the annotation
sleepmode.loft.sh/ignore-active-conntections: 'true'. This will put a namespace to sleep even though there still might be open connections such askubectl execorkubectl port-forward. - Configure your kubelets with the flag
--streaming-connection-idle-timeout duration(see docs). This behaves essentially as option 1, however this configuration is Loft independent.
Ignoring Other Types of Activity
| Annotation | Behavior | Format |
|---|---|---|
| "sleepmode.loft.sh/ignore-all" | ignore all activity | "true" OR "false" |
| "sleepmode.loft.sh/ignore-ingresses" | ignore requests to associated ingresses | "true" OR "false" |
| "sleepmode.loft.sh/ignore-groups" | ignore requests with a specific apigroup | "apps,group2,group3" |
| "sleepmode.loft.sh/ignore-vclusters" | ignore requests to specific vclusters | "vcluster1,vcluster2,vcluster3" |
| "sleepmode.loft.sh/ignore-resources" | ignore requests to specific resource types | "pods,resource2,resource3" |
| "sleepmode.loft.sh/ignore-verbs" | ignore requests with specific verbs | "create,verb1,verb2" |
| "sleepmode.loft.sh/ignore-resource-verbs" | ignore requests with specific verbs to specific resources | "myresource.mygroup=create update delete, myresource2.mygroup=create update" |
| "sleepmode.loft.sh/ignore-resource-names" | ignore requests to specific resources with specific names | "myresource.mygroup=name1 name2,..." |
| "sleepmode.loft.sh/ignore-active-connections" | ignore active connections | "true" OR "false" |
| "sleepmode.loft.sh/ignore-user-agents" | ignore specific useragents with trailling wildcard support | "kubectl*,argo,useragent3" |