Resoto Worker Configuration
Configuration Files
You may need to make your AWS credentials file, Google Cloud service account JSON files, Kubernetes kubeconfig files, etc. available to Resoto Worker so that it can collect your resources.
Writing Configuration Files at Startup
The Resoto Worker write_files_to_home_dir configuration option allows you to write files to the Resoto Worker home directory.
Resoto Worker generates files at the defined path with the specified content at startup.
resotoworker:
  write_files_to_home_dir:
    - path: ~/.aws/config
      content: |
        [default]
        aws_access_key_id=AKIAIOSFODNN7EXAMPLE
        aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
        region = us-east-1
        output=json
        [profile user1]
        region=us-west-1
        output=text
Resoto Worker can only write files to its home directory.
Resoto Worker will overwrite any existing files with the defined filenames.
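A pre-flight lint for write_files_to_home_dir entries, as an added example that is not Resoto's own code: it checks that each path resolves inside the worker home directory, reports files that would be overwritten, and flags content carrying a long-term AWS access key ID. The names lint_entries and demo, the finding labels, the treatment of relative paths and the sample entries are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Long-term AWS access key IDs start with "AKIA" followed by 16 characters.
ACCESS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def lint_entries(entries, home):
    """Return (path, finding) tuples for a list of {"path", "content"} entries."""
    home = Path(home).resolve()
    findings = []
    for entry in entries:
        raw = entry["path"]
        # Expand "~/" against the worker's home, not the home of whoever runs the lint.
        rel = raw[2:] if raw.startswith("~/") else raw
        # Assumption: relative paths are taken relative to home. An absolute
        # path replaces home in the join; resolve() collapses ".." and symlinks.
        target = (home / rel).resolve()
        if home not in target.parents:
            findings.append((raw, "not-inside-home"))
            continue
        if target.exists():
            findings.append((raw, "overwrites-existing-file"))
        if ACCESS_KEY_ID.search(entry.get("content", "")):
            findings.append((raw, "embedded-access-key"))
    return findings


def demo():
    """Run the lint over constructed entries in a throwaway home directory."""
    with tempfile.TemporaryDirectory() as home:
        aws_dir = Path(home, ".aws")
        aws_dir.mkdir()
        (aws_dir / "config").write_text("[default]\nregion = us-east-1\n")
        entries = [  # constructed sample input
            {"path": "~/.aws/config",
             "content": "[default]\naws_access_key_id=AKIAIOSFODNN7EXAMPLE\n"},
            {"path": "~/.kube/config", "content": "apiVersion: v1\n"},
            {"path": "~/../other/file", "content": "x"},
        ]
        return lint_entries(entries, home)


if __name__ == "__main__":
    for path, finding in demo():
        print(f"{finding}: {path}")
```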
Mounting Configuration Files to Container-Based Installations
For Docker and Kubernetes installations, you can mount configuration files within the resotoworker container instead of defining them in the configuration.
Docker

Add the desired volume definition to the resotoworker service in docker-compose.yaml:

services:
  ...
  resotoworker:
    image: somecr.io/someengineering/resotoworker:3.6.5
    container_name: resotoworker
    ...
    volumes:
      - $HOME/.aws:/home/resoto/.aws
    ...
  ...

Recreate the resotoworker container with the updated service definition:

$ docker-compose up -d

Note: Docker Compose V2 integrated compose functions into the Docker platform. In Docker Compose V2, the command is docker compose (no hyphen) instead of docker-compose.

Kubernetes

Create a secret with the path to the configuration file:

$ kubectl -n resoto create secret generic resoto-home --from-file=credentials=$HOME/.aws/credentials

Update resoto-values.yaml with resotoworker volume mounts and volumes:

...
resotoworker:
  ...
  volumeMounts:
    - mountPath: /home/resoto/.aws
      name: aws-credentials
  volumes:
    - name: aws-credentials
      secret:
        secretName: resoto-home
...

Deploy the changes with Helm:

$ helm upgrade resoto resoto/resoto --set image.tag=3.6.5 -f resoto-values.yaml
Multi-Core Machines
Resoto resource collection speed depends heavily on the number of CPU cores available to the worker. When collecting hundreds of accounts, Resoto Worker can easily saturate 64 cores or more.
The amount of RAM required depends on the number of resources in each account. As a rule of thumb, estimate 512 MB of RAM and 0.5 CPU cores per account concurrently collected, with a minimum of 4 cores and 16 GB for a production setup.
The following settings specify how many Worker threads Resoto starts:
resotoworker:
  ...
  # How many cleanup threads to run in parallel
  cleanup_pool_size: 16
  # Collector thread/process pool size
  pool_size: 5
aws:
  ...
  # Account thread/process pool size
  account_pool_size: 32
  # Region thread pool size
  region_pool_size: 20
gcp:
  ...
  # GCP project thread/process pool size
  project_pool_size: 32
...
- The resotoworker.pool_size setting determines how many collectors (AWS, Google Cloud, DigitalOcean, Kubernetes, etc.) are run concurrently.
- aws.account_pool_size and gcp.project_pool_size are used to determine how many accounts or projects respectively are collected concurrently.
- Within AWS, aws.region_pool_size is used to determine how many regions per account are collected concurrently.
At peak, Resoto creates concurrent network connections for each region in every account. With a single cloud with 32 accounts and 20 regions per account, for example, there will be a maximum of 32 × 20 = 640 connections.
This is not a problem in a data center or with a SOHO router, where hundreds of thousands (or even millions) of new connections per second are supported. However, if you are testing Resoto at home using a consumer-grade router, you should be conservative when configuring thread pool sizes.