docs(README): Define the new location of ProxLB at credativ

Updated README to reflect the new location of the ProxLB project and removed outdated sections.

.changelogs/1.1.0/114_refactor_code_base.yml

@@ -1,6 +1,5 @@
 fixed:
   - Refactored code base for ProxLB [#114]
-  - Renamed package from `proxlb` to `python3-proxlb` to align with Debian packaging guidelines [#114]
   - Switched to `pycodestyle` for linting [#114]
   - Package building will be done within GitHub actions pipeline [#114]
   - ProxLB now only returns a warning when no guests for further balancing are not present (instead of quitting) [132#]
@@ -9,4 +8,4 @@ fixed:
   - Stop balancing when movement would get worste (new force param to enfoce for affinity rules) [#128]
   - Added requested documentation regarding Proxmox HA groups [#127]
   - Rewrite of the whole affinity/anti-affinity rules evaluation and placement [#123]
-  - Fixed the `ignore` parameter for nodes where the node and guests on the node will be untouched [#102]
+  - Fixed the `ignore` parameter for nodes where the node and guests on the node will be untouched [#102]

.changelogs/1.1.0/137_fix_systemd_unit_file.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix the systemd unit file to start ProxLB after pveproxy (by @robertdahlem). [#137]

.changelogs/1.1.0/release_meta.yml

@@ -1 +1 @@
-date: TBD
+date: 2025-04-01

.changelogs/1.1.1/163_fix_ignore_vm_tag.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix tag evluation for VMs for being ignored for further balancing [#163]

.changelogs/1.1.1/165_improve_logging_servity.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Improve logging verbosity of messages that had a wrong servity [#165]

.changelogs/1.1.1/168_add_more_flexible_schedules.yml

@@ -0,0 +1,2 @@
+feature:
+  - Add a more flexible way to define schedules in minutes or hours (by @gyptazy) [#168]

.changelogs/1.1.1/171_set_correct_python_path_docker_image.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix Python path for Docker entrypoint (by @crandler) [#170]

.changelogs/1.1.1/174_honor_balancing_activation_value.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Honor the value when balancing should not be performed and stop balancing [#174]

.changelogs/1.1.1/176_change_turn_daemon_mode_on_default.yml

@@ -0,0 +1,2 @@
+changed:
+  - Change the default behaviour of the daemon mode to active [#176]

.changelogs/1.1.1/180_change_default_balancing_to_used_instead_assigned.yml

@@ -0,0 +1,2 @@
+changed:
+  - Change the default banalcing mode to used instead of assigned [#180]

.changelogs/1.1.1/184_validate_for_sufficient_user_permissions.yml

@@ -0,0 +1,2 @@
+feature:
+  - Add validation for the minimum required permissions of a user in Proxmox [#184]

.changelogs/1.1.1/185-logging-handler-for-no-systemd-integration.yml

@@ -0,0 +1,2 @@
+fix:
+  - add handler to log messages with severity less than info to the screen when there is no systemd integration, for instance, inside a docker container (by @glitchvern) [#185]

.changelogs/1.1.1/187_allow_use_of_minutes_instead_of_hours.yml

@@ -0,0 +1,2 @@
+fixed:
+  - allow the use of minutes instead of hours and only accept hours or minutes in the format (by @glitchvern) [#187]

.changelogs/1.1.1/195_set_cpu_used_to_cpu_usage_times_core_count.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Set cpu_used to the cpu usage, which is a percent, times the total number of cores to get a number where guest cpu_used can be added to nodes cpu_used and be meaningful (by @glitchvern) [#195]

.changelogs/1.1.1/197_remove_hard_coded_memory_usage_from_lowest_usage_node.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Remove hard coded memory usage from lowest usage node and use method and mode specified in configuration instead (by @glitchvern) [#197]

.changelogs/1.1.1/200_requery_zero_guest_cpu_used.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Requery a guest if that running guest reports 0 cpu usage (by @glitchvern) [#200]

.changelogs/1.1.1/204_fix_migration_log_relationship_of_guest_type.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix the guest type relationship in the logs when a migration job failed (by @gyptazy) [#204]

.changelogs/1.1.1/205_add_api_upstream_error_message_on_migration_failure.yml

@@ -0,0 +1,2 @@
+added:
+  - Providing the API upstream error message when migration fails in debug mode (by @gyptazy) [#205]

.changelogs/1.1.1/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-04-20

.changelogs/1.1.10/335-prevalidate-affinity-matrix.yml

@@ -0,0 +1,2 @@
+added:
+  - Prevent redundant rebalancing by validating existing affinity enforcement before taking actions (@gyptazy). [#335]

.changelogs/1.1.10/359-add-pve8-user-protections-for-conntrack-aware-migrations.yml

@@ -0,0 +1,2 @@
+added:
+  - Add safety-guard for PVE 8 users when activating conntrack-aware migrations mistakenly (@gyptazy). [#359]

.changelogs/1.1.10/361_fix_proxmox_api_connection_validation.yml

@@ -0,0 +1,3 @@
+fixed:
+  - Fixed the Proxmox API connection validation which returned a false-positive logging message of timeouts (@gyptazy). [#361]
+  - Refactored Proxmox API connection functions

.changelogs/1.1.10/368_fix_crash_enumerating_pools_with_storage_members.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed a crash during PVE resource pool enumeration by skipping members not having a 'name' property (@stefanoettl). [#368]

.changelogs/1.1.10/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-11-25

.changelogs/1.1.11/275_add_overprovisioning_safety_guard.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed missing overprovisioning safety guard to avoid node overprovisioning (@gyptazy). [#275]

.changelogs/1.1.11/335_fix_affinity_matrix_prevalidation.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed affinity matrix pre-validation by inverting validations (@Thalagyrt). [#335]

.changelogs/1.1.11/373_add_node_resource_reservation_support.yml

@@ -0,0 +1,2 @@
+added:
+  - Add resource reservation support for PVE nodes (@Chipmonk2). [#373]

.changelogs/1.1.11/378_change_and_improve_balancing_decisions.yml

@@ -0,0 +1,3 @@
+changed:
+  - Changed balancing and sorting behaviour (@gyptazy). [#378]
+  - Balancing objects will be ordered by: count of objects in affinity-rules, followed by memory size 

.changelogs/1.1.11/387_select_balancing_workloads_by_size.yml

@@ -0,0 +1,2 @@
+added:
+  - Add possibility to sort and select balancing workloads by smaller/larger guest objects (@gyptazy). [#387]

.changelogs/1.1.11/391_add_native_proxmox_ha_rules_support.yml

@@ -0,0 +1,3 @@
+added:
+  - Add support for Proxmox's native HA (affinity/anti-affinity) rules (@gyptazy). [#391]
+  - Add support for Proxmox's native HA (node-affinity) rules for pinning guests to nodes (@gyptazy). [#391]

.changelogs/1.1.11/395_fix_pool_based_node_pinning.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed pool based node pinning (@gyptazy). [#395]

.changelogs/1.1.11/402_add_ha_job_validation.yml

@@ -0,0 +1,2 @@
+added:
+  - Add HA job validation for migration jobs (@gytazy). [#402]

.changelogs/1.1.11/406_add_stricness_for_node_pinning_of_pools.yml

@@ -0,0 +1,2 @@
+added:
+  - Add support for configuring node-pinning strictness (default: true) within pools (@gyptazy). [#406]

.changelogs/1.1.11/408_fix_moving_ignored_guests.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed that ignored VMs/CTs got moved to another node when being ignored (@gyptazy). [#408]

.changelogs/1.1.11/414_add_pinning_enforcement.yml

@@ -0,0 +1,2 @@
+added:
+  - Add new option to enforce node/guest pinning even when cluster is balanced from a resource perspective (@gyptazy). [#414]

.changelogs/1.1.11/release_meta.yml

@@ -0,0 +1 @@
+date: 2026-01-12

.changelogs/1.1.12/420_fix_psi_based_balancing_key_error.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix PSI based balancing which resulted in a Python KeyError (@gyptazy). [#420]

.changelogs/1.1.12/release_meta.yml

@@ -0,0 +1 @@
+date: TBD

.changelogs/1.1.2/137_fix_systemd_unit_file.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix systemd unit file to run after network on non PVE nodes (by @robertdahlem) [#137]

.changelogs/1.1.2/157_add_proxmox_api_retry_mechanism.yml

@@ -0,0 +1,2 @@
+added:
+  - Add a configurable retry mechanism when connecting to the Proxmox API (by @gyptazy) [#157]

.changelogs/1.1.2/218_add_1_to_one_relationship_guest_node_pinning.yml

@@ -0,0 +1,2 @@
+added:
+  - Add 1-to-1 relationships between guest and hypervisor node to ping a guest on a node (by @gyptazy) [#218]

.changelogs/1.1.2/222_fix_force_type_cast_cpu_metrics_to_int.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Force type cast cpu count of guests to int for some corner cases where a str got returned (by @gyptazy). [#222]

.changelogs/1.1.2/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-05-13

.changelogs/1.1.3/189_add_reload_function.yml

@@ -0,0 +1,2 @@
+added:
+  - Add relaod (SIGHUP) function to ProxLB to reload the configuration (by @gyptazy). [#189]

.changelogs/1.1.3/232_align_maintenance_mode_proxmox_ha.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Align maintenance mode with Proxmox HA maintenance mode (by @gyptazy). [#232]

.changelogs/1.1.3/239_add_optional_delay_time_until_service_starts.yml

@@ -0,0 +1,2 @@
+added:
+  - Add optional wait time parameter to delay execution until the service takes action (by @gyptazy). #239

.changelogs/1.1.3/241_make_amount_of_parallel_migrations_configurable.yml

@@ -0,0 +1,2 @@
+added:
+  - Make the amount of parallel migrations configurable (by @gyptazy). [#241]

.changelogs/1.1.3/94_cpu_balancing_use_avg_instead_current_consumption.yml

@@ -0,0 +1,2 @@
+changed:
+  - Use the average CPU consumption of a guest within the last 60 minutes instead of the current CPU usage (by @philslab-ninja & @gyptazy). [#94]

.changelogs/1.1.3/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-06-19

.changelogs/1.1.4/245_add_guest_pinning_to_groups_of_nodes.yml

@@ -0,0 +1,2 @@
+added:
+  - Allow pinning of guests to a group of nodes (@gyptazy). [#245]

.changelogs/1.1.4/248_fix_dry_run_combination_balancing_disabled.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed an issue where balancing was performed in combination of deactivated balancing and dry-run mode (@gyptazy). [#248]

.changelogs/1.1.4/255_fix_loglevels.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Modified log levels to make output lighter at INFO level (@pmarasse) [#255]

.changelogs/1.1.4/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-06-27

.changelogs/1.1.5/260_allow_custom_api_ports.yml

@@ -0,0 +1,2 @@
+added:
+  - Allow custom API ports instead of fixed tcp/8006 (@gyptazy). [#260]

.changelogs/1.1.5/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-07-14

.changelogs/1.1.6/268_fix_balancing_type_eval.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix balancing evaluation of guest types (e.g., VM or CT) (@gyptazy). [#268]

.changelogs/1.1.6/290_validate_user_token_syntax.yml

@@ -0,0 +1,2 @@
+added:
+  - Add validation for provided API user token id to avoid confusions (@gyptazy). [#291]

.changelogs/1.1.6/291_fix_stack_trace_no_user_permissions_testing.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix stacktrace output when validating permissions on non existing users in Proxmox (@gyptazy). [#291]

.changelogs/1.1.6/295_fix_overprovisioning_first_node_if_anti_affinity_group_has_only_one-member.yml

@@ -0,0 +1,3 @@
+fixed:
+  - Fix Overprovisioning first node if anti_affinity_group has only one member (@MiBUl-eu). [#295]
+  

.changelogs/1.1.6/296_fix_validate_node_presence_when_pinning_guests.yml

@@ -0,0 +1,3 @@
+fixed:
+  - Validate for node presence when pinning guests to avoid crashing (@gyptazy). [#296]
+  

.changelogs/1.1.6/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-09-04

.changelogs/1.1.7/304_add_graceful_shutdown_sigint.yml

@@ -0,0 +1,2 @@
+added:
+  - Add graceful shutdown for SIGINT (e.g., CTRL + C abort). (@gyptazy). [#304]

.changelogs/1.1.7/305_add_conntrack_support_for_migrations.yml

@@ -0,0 +1,2 @@
+added:
+  - Add conntrack state aware migrations of VMs (@gyptazy). [#305]

.changelogs/1.1.7/308_fix_only_validate_valid_jobids.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix crash when validating absent migration job ids. (@gyptazy). [#308]

.changelogs/1.1.7/310_guest-object-names-not-being-evaluated-in-log.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix guest object names are not being evaluated in debug log. (@gyptazy). [#310]

.changelogs/1.1.7/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-09-19

.changelogs/1.1.8/317_container_image_non_root.yml

@@ -0,0 +1,3 @@
+changed:
+  - Container image does not run as root anymore (@mikaelkrantz945). [#317]
+  - Container image uses venv for running ProxLB (@mikaelkrantz945). [#317]

.changelogs/1.1.8/318_fix_conntrack_aware_migrations_api_pve8.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix API errors when using conntrack aware migration with older PVE versions (@gyptazy). [#318]

.changelogs/1.1.8/329_add_log_prefix.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Add a static ProxLB prefix to the log output when used by journal handler (@gyptazy). [#329]

.changelogs/1.1.8/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-10-09

.changelogs/1.1.9/337_add_pressure_based_balancing.yml

@@ -0,0 +1,5 @@
+added:
+  - Add pressure (PSI) based balancing for memory, cpu, disk (req. PVE9 or greater) (@gyptazy). [#337]
+  - Pressure (PSI) based balancing for nodes
+  - Pressure (PSI) based balancing for guests
+  - Add PVE version evaluation

.changelogs/1.1.9/342_add_memory_balancing_threshold.yml

@@ -0,0 +1,2 @@
+added:
+  - Add an optional memory balancing threshold (@gyptazy). [#342]

.changelogs/1.1.9/343_add_affinity_rules_support_by_pools.yml

@@ -0,0 +1,2 @@
+added:
+  - Add affinity/anti-affinity support by pools (@gyptazy). [#343]

.changelogs/1.1.9/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-10-30

.github/workflows/20-pipeline-build-deb-package.yml

@@ -28,7 +28,7 @@ jobs:
       - name: Check out repository
         uses: actions/checkout@v3
         with:
-          ref: 'development'
+          ref: ${{ github.ref }}
 
       - name: Set up Docker with Debian image
         run: |
@@ -39,9 +39,26 @@ jobs:
           docker run --rm -v $(pwd):/workspace -w /workspace debian:latest bash -c "
             # Install dependencies
             apt-get update && \
-            apt-get install -y python3 python3-setuptools debhelper dh-python python3-pip python3-stdeb python3-proxmoxer python3-requests python3-urllib3 && \
-            # Build package
-            python3 setup.py --command-packages=stdeb.command bdist_deb && \
+            apt-get install -y python3 python3-setuptools debhelper dh-python python3-pip python3-stdeb python3-proxmoxer python3-requests python3-urllib3 devscripts python3-all && \
+
+            # Get base version from source code
+            BASE_VERSION=\$(grep __version__ proxlb/utils/version.py | awk '{print \$3}' | tr -d '\"')
+            echo \"Base version: \$BASE_VERSION\"
+
+            # Build full version with timestamp
+            FULL_VERSION=\"\${BASE_VERSION}+$(date +%Y%m%d%H%M)\"
+            echo \"Full version: \$FULL_VERSION\"
+
+            # Update debian/changelog with new version
+            dch --force-bad-version -v \"\$FULL_VERSION\" \
+                \"Automated GitHub Actions build on $(date -u +'%Y-%m-%d %H:%M UTC').\" && \
+
+            # Build package using stdeb / setuptools
+            # python3 setup.py --command-packages=stdeb.command bdist_deb && \
+            # Build native package
+            dpkg-buildpackage -us -uc && \
+            mkdir package && \
+            mv ../*.deb package/ && \
             echo 'OK: Debian package successfully created.'
           "
 
@@ -49,25 +66,35 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: debian-package
-          path: deb_dist/*.deb
+          path: package/*.deb
 
   integration-test-debian:
     needs: build-package-debian
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        debian_version: [bookworm, trixie]
+    name: Integration Test on Debian ${{ matrix.debian_version }}
     steps:
       - name: Download Debian package artifact
         uses: actions/download-artifact@v4
         with:
           name: debian-package
-          path: deb_dist/
+          path: package/
 
       - name: Set up Docker with Debian image
-        run: docker pull debian:latest
+        run: docker pull debian:${{ matrix.debian_version }}
 
       - name: Install and test Debian package in Docker container
         run: |
-          docker run --rm -v $(pwd)/deb_dist:/deb_dist -w /deb_dist debian:latest bash -c "
-            apt-get update && \
-            apt-get install -y ./python3-proxlb*.deb && \
-            python3 -c 'import proxlb; print(\"OK: Debian package successfully installed.\")'
-          "
+          docker run --rm \
+            -v "$(pwd)/package:/package" \
+            -w /package \
+            debian:${{ matrix.debian_version }} \
+            bash -c "
+              set -e
+              apt-get update
+              apt-get install -y python3 systemd
+              apt-get install -y ./proxlb*.deb
+              python3 -c 'import proxlb; print(\"OK: Debian package successfully installed on ${{ matrix.debian_version }}.\")'
+            "

.github/workflows/30-pipeline-build-container-amd64.yml

@@ -0,0 +1,26 @@
+name: "Build Container Image: AMD64"
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Build amd64 image and save as tar
+      run: |
+        docker buildx build \
+          --platform linux/amd64 \
+          --load \
+          -t proxlb-image:amd64 \
+          .
+
+        docker save proxlb-image:amd64 -o proxlb_image_amd64.tar
+    - name: Upload Docker image artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: proxlb-image-amd64
+        path: proxlb_image_amd64.tar

.github/workflows/30-pipeline-build-container-arm64.yml

@@ -0,0 +1,26 @@
+name: "Build Container Image: ARM64"
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Build arm64 image and save as tar
+      run: |
+        docker buildx build \
+          --platform linux/arm64 \
+          --load \
+          -t proxlb-image:arm64 \
+          .
+
+        docker save proxlb-image:arm64 -o proxlb_image_arm64.tar
+    - name: Upload Docker image artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: proxlb-image-arm64
+        path: proxlb_image_arm64.tar

.github/workflows/30-pipeline-build-container-multi-arch.yml

@@ -0,0 +1,23 @@
+name: "Build Container Image: Multiarch"
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Build multi-arch image and save as tar
+      run: |
+        docker buildx build \
+          --platform linux/amd64,linux/arm64 \
+          --output type=tar,dest=proxlb_image_multiarch.tar \
+          .
+    - name: Upload Docker image artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: proxlb-image-multiarch
+        path: proxlb_image_multiarch.tar

CHANGELOG.md

@@ -0,0 +1,308 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.1.11] - 2026-01-12
+
+### Added
+
+- Add support for Proxmoxs native HA (affinity/anti-affinity) rules [beta] (@gyptazy). [#391]
+- Add support for Proxmox native HA (node-affinity) rules for pinning guests to nodes [beta] (@gyptazy). [#391]
+- Add resource reservation support for PVE nodes (@Chipmonk2). [#373]
+- Add possibility to sort and select balancing workloads by smaller/larger guest objects (@gyptazy). [#387]
+- Add HA job validation for migration jobs to fetch child jobs (@gytazy). [#402]
+- Add support for configuring node-pinning strictness (default: true) within pools to allow strict/prefer modes (@gyptazy). [#406]
+- Add new option to enforce node/guest pinning even when cluster is balanced from a resource perspective (@gyptazy). [#414]
+
+### Fixed
+
+- Fix missing overprovisioning safety guard to avoid node overprovisioning (@gyptazy). [#275]
+- Fix affinity matrix pre-validation by inverting validations (@Thalagyrt). [#335]
+- Fix pool based node pinning which expects a list (@gyptazy). [#395]
+- Fix that ignored VMs/CTs got moved to another node when being ignored (@gyptazy). [#408]
+
+### Changed
+
+- Change balancing and sorting behaviour (@gyptazy). [#378]
+- Balancing objects will be ordered by count of objects in affinity-rules, followed by memory size (@gyptazy). [#378]
+
+## [1.1.10] - 2025-11-25
+
+### Added
+
+- Prevent redundant rebalancing by validating existing affinity enforcement before taking actions (@gyptazy). [#335]
+- Add safety-guard for PVE 8 users when activating conntrack-aware migrations mistakenly (@gyptazy). [#359]
+
+### Fixed
+
+- Fix the Proxmox API connection validation which returned a false-positive logging message of timeouts (@gyptazy). [#361]
+- Refactored Proxmox API connection functions (@gyptazy). [#361]
+- Fix a crash during PVE resource pool enumeration by skipping members not having a 'name' property (@stefanoettl). [#368]
+
+## [1.1.9.1] - 2025-10-30
+
+### Fixed
+
+- Fix quoting in f-strings which may cause issues on PVE 8 / Debian Bookworm systems (@gyptazy). [#352]
+
+## [1.1.9] - 2025-10-30
+
+### Added
+
+- Add an optional memory balancing threshold (@gyptazy). [#342]
+- Add affinity/anti-affinity support by pools (@gyptazy). [#343]
+- Add pressure (PSI) based balancing for memory, cpu, disk (req. PVE9 or greater) (@gyptazy). [#337]
+    - Pressure (PSI) based balancing for nodes
+    - Pressure (PSI) based balancing for guests
+- Add PVE version evaluation
+
+## [1.1.8] - 2025-10-09
+
+### Fixed
+
+- Fix API errors when using conntrack aware migration with older PVE versions (@gyptazy). [#318]
+- Add a static ProxLB prefix to the log output when used by journal handler (@gyptazy). [#329]
+
+### Changed
+- Container image does not run as root anymore (@mikaelkrantz945). [#317]
+- Container image uses venv for running ProxLB (@mikaelkrantz945). [#317]
+
+## [1.1.7] - 2025-09-19
+
+### Added
+
+- Add conntrack state aware migrations of VMs (@gyptazy). [#305]
+- Add graceful shutdown for SIGINT (e.g., CTRL + C abort). (@gyptazy). [#304]
+
+### Fixed
+
+- Fix crash when validating absent migration job ids. (@gyptazy). [#308]
+- Fix guest object names are not being evaluated in debug log. (@gyptazy). [#310]
+
+## [1.1.6.1] - 2025-09-04
+
+### Fixed
+
+- Validate for node presence when pinning VMs to avoid crashing (@gyptazy). [#296]
+
+## [1.1.6] - 2025-09-04
+
+### Added
+
+- Add validation for provided API user token id to avoid confusions (@gyptazy). [#291]
+
+### Fixed
+
+- Fix stacktrace output when validating permissions on non existing users in Proxmox (@gyptazy). [#291]
+- Fix Overprovisioning first node if anti_affinity_group has only one member (@MiBUl-eu). [#295]
+- Validate for node presence when pinning guests to avoid crashing (@gyptazy). [#296]
+- Fix balancing evaluation of guest types (e.g., VM or CT) (@gyptazy). [#268]
+
+## [1.1.5] - 2025-07-14
+
+### Added
+
+- Allow custom API ports instead of fixed tcp/8006 (@gyptazy). [#260]
+
+
+## [1.1.4] - 2025-06-27
+
+### Added
+
+- Allow pinning of guests to a group of nodes (@gyptazy). [#245]
+
+### Fixed
+
+- Modified log levels to make output lighter at INFO level (@pmarasse) [#255]
+- Fixed an issue where balancing was performed in combination of deactivated balancing and dry-run mode (@gyptazy). [#248]
+
+
+## [1.1.3] - 2025-06-19
+
+### Added
+
+- Add relaod (SIGHUP) function to ProxLB to reload the configuration (by @gyptazy). [#189]
+- Add optional wait time parameter to delay execution until the service takes action (by @gyptazy). [#239]
+- Make the amount of parallel migrations configurable (by @gyptazy). [#241]
+
+### Changed
+
+- Use the average CPU consumption of a guest within the last 60 minutes instead of the current CPU usage (by @philslab-ninja & @gyptazy). [#94]
+
+### Fixed
+
+- Align maintenance mode with Proxmox HA maintenance mode (by @gyptazy). [#232]
+
+
+## [1.1.2] - 2025-05-13
+
+### Added
+
+- Add a configurable retry mechanism when connecting to the Proxmox API (by @gyptazy) [#157]
+- Add 1-to-1 relationships between guest and hypervisor node to ping a guest on a node (by @gyptazy) [#218]
+
+### Fixed
+
+- Force type cast cpu count of guests to int for some corner cases where a str got returned (by @gyptazy). [#222]
+- Fix systemd unit file to run after network on non PVE nodes (by @robertdahlem) [#137]
+
+
+## [1.1.1] - 2025-04-20
+
+### Added
+
+- Providing the API upstream error message when migration fails in debug mode (by @gyptazy) [#205]
+
+### Changed
+
+- Change the default behaviour of the daemon mode to active [#176]
+- Change the default banalcing mode to used instead of assigned [#180]
+
+### Fixed
+
+- Set cpu_used to the cpu usage, which is a percent, times the total number of cores to get a number where guest cpu_used can be added to nodes cpu_used and be meaningful (by @glitchvern) [#195]
+- Fix tag evluation for VMs for being ignored for further balancing [#163]
+- Honor the value when balancing should not be performed and stop balancing [#174]
+- allow the use of minutes instead of hours and only accept hours or minutes in the format (by @glitchvern) [#187]
+- Remove hard coded memory usage from lowest usage node and use method and mode specified in configuration instead (by @glitchvern) [#197]
+- Fix the guest type relationship in the logs when a migration job failed (by @gyptazy) [#204]
+- Requery a guest if that running guest reports 0 cpu usage (by @glitchvern) [#200]
+- Fix Python path for Docker entrypoint (by @crandler) [#170]
+- Improve logging verbosity of messages that had a wrong servity [#165]
+
+
+## [1.1.0] - 2025-04-01
+
+### Fixed
+
+- Refactored code base for ProxLB [#114]
+- Switched to `pycodestyle` for linting [#114]
+- Package building will be done within GitHub actions pipeline [#114]
+- ProxLB now only returns a warning when no guests for further balancing are not present (instead of quitting) [132#]
+- All nodes (according to the free resources) will be used now [#130]
+- Fixed logging outputs where highest/lowest were mixed-up [#129]
+- Stop balancing when movement would get worste (new force param to enfoce for affinity rules) [#128]
+- Added requested documentation regarding Proxmox HA groups [#127]
+- Rewrite of the whole affinity/anti-affinity rules evaluation and placement [#123]
+- Fixed the `ignore` parameter for nodes where the node and guests on the node will be untouched [#102]
+
+
+## [1.0.6] - 2024-12-24
+
+### Fixed
+
+- Fix maintenance mode when using cli arg and config mode by using the merged list (by @CartCaved). [#119]
+- Fix that a scheduler time definition of 1 (int) gets wrongly interpreted as a bool (by @gyptazy). [#115]
+
+
+## [1.0.5] - 2024-10-30
+
+### Changed
+
+- Change docs to make bool usage in configs more clear (by @gyptazy). [#104]
+
+### Fixed
+
+- Fix node (and its objects) evaluation when not reachable, e.g., maintenance (by @gyptazy). [#107]
+- Fix migration from local disks (by @greenlogles). [#113]
+- Fix evaluation of maintenance mode where comparing list & string resulted in a crash (by @glitchvern). [#106]
+- Fix allowed values (add DEBUG, WARNING) for log verbosity (by @gyptazy). [#98]
+
+
+## [1.0.4] - 2024-10-11
+
+### Added
+
+- Add maintenance mode to evacuate a node and move workloads for other nodes in the cluster. [#58]
+- Add feature to make API timeout configureable. [#91]
+- Add version output cli arg. [#89]
+
+### Changed
+
+- Run storage balancing only on supported shared storages. [#79]
+- Run storage balancing only when needed to save time. [#79]
+
+### Fixed
+
+- Fix CPU balancing where calculations are done in float instead of int. (by @glitchvern) [#75]
+- Fix documentation for the underlying infrastructure. [#81]
+
+
+## [1.0.3] - 2024-09-12
+
+### Added
+
+- Add cli arg `-b` to return the next best node for next VM/CT placement. [#8]
+- Add a convert function to cast all bool alike options from configparser to bools. [#53]
+- Add a config parser options for future features. [#53]
+- Add a config versio schema that must be supported by ProxLB. [#53]
+- Add feature to allow the API hosts being provided as a comma separated list. [#60]
+- Add doc how to add dedicated user for authentication. (by @Dulux-Oz)
+- Add storage balancing function. [#51]
+
+### Changed
+
+- Provide a more reasonable output when HA services are not active in a Proxmox cluster. [#68]
+- Improve the underlying code base for future implementations. [#53]
+
+### Fixed
+
+- Fix anti-affinity rules not evaluating a new and different node. [#67]
+- Fixed `master_only` function by inverting the condition.
+- Fix documentation for the master_only parameter placed in the wrong config section. [#74]
+- Fix bug in the `proxlb.conf` in the vm_balancing section.
+- Fix handling of unset `ignore_nodes` and `ignore_vms` resulted in an attribute error. [#71]
+- Improved the overall validation and error handling. [#64]
+
+
+## [1.0.2] - 2024-08-13
+
+### Added
+
+- Add option to run ProxLB only on the Proxmox's master node in the cluster (reg. HA feature). [#40]
+- Add option to run migrations in parallel or sequentially. [#41]
+
+### Changed
+
+- Fix daemon timer to use hours instead of minutes. [#45]
+
+### Fixed
+
+- Fix CMake packaging for Debian package to avoid overwriting the config file. [#49]
+
+
+## [1.0.0] - 2024-08-01
+
+### Added
+
+- Add feature to prevent VMs from being relocated by defining the 'plb_ignore_vm' tag. [#7]
+- Add feature to prevent VMs from being relocated by defining a wildcard pattern. [#7]
+- Add Docker/Podman support. [#10 by @daanbosch]
+- Add option to rebalance by assigned VM resources to avoid overprovisioning. [#16]
+- Add feature to make log verbosity configurable [#17].
+- Add dry-run support to see what kind of rebalancing would be done. [#6]
+- Add LXC/Container integration. [#27]
+- Add exclude grouping feature to rebalance VMs from being located together to new nodes. [#4]
+- Add include grouping feature to rebalance VMs bundled to new nodes. [#3]
+- Add option_mode to rebalance by node's free resources in percent (instead of bytes). [#29]
+
+### Changed
+
+- Adjusted general logging and log more details.
+
+
+## [0.9.9] - 2024-07-06
+
+### Added
+
+- Initial public development release of ProxLB.
+
+
+## [0.9.0] - 2024-02-01
+
+### Added
+
+- Development release of ProxLB.

Dockerfile

@@ -0,0 +1,41 @@
+# Use the latest Alpine image
+FROM alpine:latest
+
+# Labels
+LABEL maintainer="gyptazy@gyptazy.com"
+LABEL org.label-schema.name="ProxLB"
+LABEL org.label-schema.description="ProxLB - An advanced load balancer for Proxmox clusters."
+LABEL org.label-schema.vendor="gyptazy"
+LABEL org.label-schema.url="https://proxlb.de"
+LABEL org.label-schema.vcs-url="https://github.com/gyptazy/ProxLB"
+
+# --- Step 1 (root): system deps, user, dirs ---
+RUN apk add --no-cache python3 py3-pip \
+  && addgroup -S plb \
+  && adduser -S -G plb -h /home/plb plb \
+  && mkdir -p /app/conf /opt/venv \
+  && chown -R plb:plb /app /home/plb /opt/venv
+
+WORKDIR /app
+
+# Copy only requirements first for better layer caching
+COPY --chown=plb:plb requirements.txt /app/requirements.txt
+
+# --- Step 2 (appuser): venv + deps + code ---
+USER plb
+
+# Create venv owned by appuser and put it on PATH
+RUN python3 -m venv /opt/venv
+ENV PATH="/opt/venv/bin:${PATH}"
+
+# Install Python dependencies into the venv (no PEP 668 issues)
+RUN pip install --no-cache-dir -r /app/requirements.txt
+
+# Copy application code (owned by appuser)
+COPY --chown=plb:plb proxlb /app/proxlb
+
+# Optional: placeholder config so a bind-mount can override cleanly
+RUN touch /app/conf/proxlb.yaml
+
+# Run as non-root using venv Python
+ENTRYPOINT ["/opt/venv/bin/python", "/app/proxlb/main.py"]

README.md

@@ -1,275 +1,7 @@
-# ProxLB - (Re)Balance VM Workloads in Proxmox Clusters
-<img align="left" src="https://cdn.gyptazy.com/images/Prox-LB-logo.jpg"/>
-<br>
+# ProxLB Moved
 
-<p float="center"><img src="https://img.shields.io/github/license/gyptazy/ProxLB"/><img src="https://img.shields.io/github/contributors/gyptazy/ProxLB"/><img src="https://img.shields.io/github/last-commit/gyptazy/ProxLB/main"/><img src="https://img.shields.io/github/issues-raw/gyptazy/ProxLB"/><img src="https://img.shields.io/github/issues-pr/gyptazy/ProxLB"/></p>
+You can find the new location of the `ProxLB` project at:
+[github.com/credativ/ProxLB](https://github.com/credativ/ProxLB)
 
-
-# :warning: Important: ProxLB 1.1.x is coming
-This repository is currently under heavy work and changes. During that time it might come to issues, non working pipelines or wrong documentation. Please select a stable release tag for a suitable version during this time!
-
-## Table of Contents
-1. [Introduction](#introduction)
-2. [Features](#features)
-3. [How does it work?](#how-does-it-work)
-4. [Installation](#installation)
-   1. [Requirements / Dependencies](#requirements--dependencies)
-   2. [Debian Package](#debian-package)
-   3. [RedHat Package](#redhat-package)
-   4. [Container / Docker](#container--docker)
-   5. [Source](#source)
-5. [Upgrading](#upgrading)
-   1. [Upgrading from < 1.1.0](#upgrading-from--110)
-   2. [Upgrading from >= 1.1.0](#upgrading-from--110)
-6. [Usage / Configuration](#usage--configuration)
-   1. [GUI Integration](#gui-integration)
-   2. [Proxmox HA Integration](#proxmox-ha-integration)
-   3. [Options](#options)
-7. [Affinity & Anti-Affinity Rules](#affinity--anti-affinity-rules)
-   1. [Affinity Rules](#affinity-rules)
-   2. [Anti-Affinity Rules](#anti-affinity-rules)
-8. [Maintenance](#maintenance)
-9. [Misc](#misc)
-   1. [Bugs](#bugs)
-   2. [Contributing](#contributing)
-   3. [Documentation](#documentation)
-   4. [Support](#support)
-10. [Author(s)](#authors)
-
-
-## Introduction
-ProxLB is an advanced load balancing solution specifically designed for Proxmox clusters, addressing the absence of a Dynamic Resource Scheduler (DRS) that is familiar to VMware users. As a third-party solution, ProxLB enhances the management and efficiency of Proxmox clusters by intelligently distributing workloads across available nodes. Workloads can be balanced by different times like the guest's memory, CPU or disk usage or their assignment to avoid overprovisioning and ensuring resources.
-
-One of the key advantages of ProxLB is that it is fully open-source and free, making it accessible for anyone to use, modify, and contribute to. This ensures transparency and fosters community-driven improvements. ProxLB supports filtering and ignoring specific nodes and guests through configuration files and API calls, providing administrators with the flexibility to tailor the load balancing behavior to their specific needs.
-
-A standout feature of ProxLB is its maintenance mode. When enabled, all guest workloads are automatically moved to other nodes within the cluster, ensuring that a node can be safely updated, rebooted, or undergo hardware maintenance without disrupting the overall cluster operation. Additionally, ProxLB supports both affinity and anti-affinity rules, allowing operators to group multiple guests to run together on the same node or ensure that certain guests do not run on the same node, depending on the cluster's node count. This feature is crucial for optimizing performance and maintaining high availability.
-
-ProxLB can also return the best next node for guest placement, which can be integrated into CI/CD pipelines using tools like Ansible or Terraform. This capability streamlines the deployment process and ensures efficient resource utilization. Furthermore, ProxLB leverages the Proxmox API, including the entire ACL (Access Control List) system, for secure and efficient operation. Unlike some solutions, it does not require SSH access, enhancing security and simplifying configuration.
-
-Overall, ProxLB significantly enhances resource management by intelligently distributing workloads, reducing downtime through its maintenance mode, and providing improved flexibility with affinity and anti-affinity rules. Its seamless integration with CI/CD tools and reliance on the Proxmox API make it a robust and secure solution for optimizing Proxmox cluster performance.
-
-### Video of Migration
-<img src="https://cdn.gyptazy.com/images/proxlb-rebalancing-demo.gif"/>
-
-## Features
-ProxLB's key features are by enabling automatic rebalancing of VMs and CTs across a Proxmox cluster based on memory, CPU, and local disk usage while identifying optimal nodes for automation. It supports maintenance mode, affinity rules, and seamless Proxmox API integration with ACL support, offering flexible usage as a one-time operation, a daemon, or through the Proxmox Web GUI.
-
-**Features**
-* Rebalance VMs/CTs in the cluster by:
-  * Memory
-  * Disk (only local storage)
-  * CPU
-* Get best nodes for further automation
-* Supported Guest Types
-  * VMs
-  * CTs
-* Maintenance Mode
-  * Set node(s) into maintenance
-  * Move all workloads to different nodes
-* Affinity / Anti-Affinity Rules
-* Fully based on Proxmox API
-  * Fully integrated into the Proxmox ACL
-  * No SSH required
-* Usage
-  * One-Time
-  * Daemon
-  * Proxmox Web GUI Integration
-
-## How does it work?
-ProxLB is a load-balancing system designed to optimize the distribution of virtual machines (VMs) and containers (CTs) across a cluster. It works by first gathering resource usage metrics from all nodes in the cluster through the Proxmox API. This includes detailed resource metrics for each VM and CT on every node. ProxLB then evaluates the difference between the maximum and minimum resource usage of the nodes, referred to as "Balanciness." If this difference exceeds a predefined threshold (which is configurable), the system initiates the rebalancing process.
-
-Before starting any migrations, ProxLB validates that rebalancing actions are necessary and beneficial. Depending on the selected balancing mode — such as CPU, memory, or disk — it creates a balancing matrix. This matrix sorts the VMs by their maximum used or assigned resources, identifying the VM with the highest usage. ProxLB then places this VM on the node with the most free resources in the selected balancing type. This process runs recursively until the operator-defined Balanciness is achieved. Balancing can be defined for the used or max. assigned resources of VMs/CTs.
-
-## Installation
-
-### Requirements / Dependencies
-* Python3.x
-* proxmoxer
-* requests
-* urllib3
-* pyyaml
-
-The dependencies can simply be installed with `pip` by running the following command:
-```
-pip install -r requirements.txt
-```
-
-Distribution packages, such like the provided `.deb` package will automatically resolve and install all required dependencies by using already packaged version from the distribution's repository.
-
-### Debian Package
-
-### RedHat Package
-
-### Container / Docker
-
-### Source
-
-## Upgrading
-
-### Upgrading from < 1.1.0
-Upgrading ProxLB is not supported due to a fundamental redesign introduced in version 1.1.x. With this update, ProxLB transitioned from a monolithic application to a pure Python-style project, embracing a more modular and flexible architecture. This shift aimed to improve maintainability and extensibility while keeping up with modern development practices. Additionally, ProxLB moved away from traditional ini-style configuration files and adopted YAML for configuration management. This change simplifies configuration handling, reduces the need for extensive validation, and ensures better type casting, ultimately providing a more streamlined and user-friendly experience.
-
-### Upgrading from >= 1.1.0
-Uprading within the current stable versions, starting from 1.1.0, will be possible in all supported ways.
-
-## Usage / Configuration
-Running ProxLB is straightforward and versatile, as it only requires `Python3` and the `proxmoxer` library. This means ProxLB can be executed directly on a Proxmox node or on dedicated systems such as Debian, RedHat, or even FreeBSD, provided that the Proxmox API is accessible from the client running ProxLB. ProxLB can also run inside a Container - Docker or LXC - and is simply up to you.
-
-### GUI Integration
-<img align="left" src="https://cdn.gyptazy.com/images/proxlb-GUI-integration.jpg"/> ProxLB can also be accessed through the Proxmox Web UI by installing the optional `pve-proxmoxlb-service-ui` package, which depends on the proxlb package. For full Web UI integration, this package must be installed on all nodes within the cluster. Once installed, a new menu item - `Rebalancing`, appears in the cluster level under the HA section. Once installed, it offers two key functionalities:
-* Rebalancing VM workloads
-* Migrate VM workloads away from a defined node (e.g. maintenance preparation)
-
-**Note:** This package is currently discontinued and will be readded at a later time. See also: [#44: How to install pve-proxmoxlb-service-ui package](https://github.com/gyptazy/ProxLB/issues/44).
-
-### Proxmox HA Integration
-Proxmox HA (High Availability) groups are designed to ensure that virtual machines (VMs) remain running within a Proxmox cluster. HA groups define specific rules for where VMs should be started or migrated in case of node failures, ensuring minimal downtime and automatic recovery.
-
-However, when used in conjunction with ProxLB, the built-in load balancer for Proxmox, conflicts can arise. ProxLB operates with its own logic for workload distribution, taking into account affinity and anti-affinity rules. While it effectively balances guest workloads, it may re-shift and redistribute VMs in a way that does not align with HA group constraints, potentially leading to unsuitable placements.
-
-Due to these conflicts, it is currently not recommended to use both HA groups and ProxLB simultaneously. The interaction between the two mechanisms can lead to unexpected behavior, where VMs might not adhere to HA group rules after being moved by ProxLB.
-
-A solution to improve compatibility between HA groups and ProxLB is under evaluation, aiming to ensure that both features can work together without disrupting VM placement strategies.
-
-See also: [#65: Host groups: Honour HA groups](https://github.com/gyptazy/ProxLB/issues/65).
-
-### Options
-The following options can be set in the configuration file `proxlb.yaml`:
-
-| Section | Option | Example | Type | Description |
-|------|:------:|:------:|:------:|:------:|
-| `proxmox_api` |  |  | |  |
-| | hosts | ['virt01.example.com', '10.10.10.10', 'fe01::bad:code::cafe'] | `List` | List of Proxmox nodes. Can be IPv4, IPv6 or mixed. |
-| | user | root@pam | `Str` | Username for the API. |
-| | pass | FooBar | `Str` | Password for the API. (Recommended: Use API token authorization!) |
-| | token_id | proxlb | `Str` | Token ID of the user for the API. |
-| | token_secret | 430e308f-1337-1337-beef-1337beefcafe | `Str` | Secret of the token ID for the API. |
-| | ssl_verification | True | `Bool` | Validate SSL certificates (1) or ignore (0). (default: 1, type: bool) |
-| | timeout | 10 | `Int` | Timeout for the Proxmox API in sec. (default: 10) |
-| `proxmox_cluster` |  | | |  |
-| | maintenance_nodes | ['virt66.example.com'] | `List` | A list of Proxmox nodes that are defined to be in a maintenance. (default: []) |
-| | ignore_nodes | [] | `List` | A list of Proxmox nodes that are defined to be ignored.  (default: []) |
-| | overprovisioning | False | `Bool` | Avoids balancing when nodes would become overprovisioned. |
-| `balancing` |  | | |  |
-| | enable | True | `Bool` | Enables the guest balancing.  (default: True)|
-| | enforce_affinity | True | `Bool` | Enforcing affinity/anti-affinity rules but balancing might become worse.  (default: False) |
-| | parallel | False | `Bool` | If guests should be moved in parallel or sequentially. (default: False)|
-| | live | True | `Bool` | If guests should be moved live or shutdown.  (default: True)|
-| | with_local_disks | True | `Bool` | If balancing of guests should include local disks  (default: True)|
-| | balance_types | ['vm', 'ct'] | `List` | Defined the types of guests that should be honored.  (default: ['vm', 'ct']) |
-| | max_job_validation | 1800 | `Int` | How long a job validation may take in seconds. (default: 1800) |
-| | balanciness | 10 | `Int` | The maximum delta of resource usage between node with highest and lowest usage. (default: 10) |
-| | method | memory | `Str` | The balancing method that should be used.  (default: memory | choices: memory, cpu, disk)|
-| | mode | used | `Str` | The balancing mode that should be used.  (default: used | choices: used, assigned)|
-| `service` |  | | |  |
-| | daemon | False | `Bool` | If daemon mode should be activated  (default: False)|
-| | schedule | 12 | `Int` | How often rebalancing should occur in hours in daemon mode (default: 12)|
-| | log_level | INFO | `Str` | Defines the default log level that should be logged.  (default: INFO) |
-
-An example of the configuration file looks like:
-```
-proxmox_api:
-  hosts: ['virt01.example.com', '10.10.10.10', 'fe01::bad:code::cafe']
-  user: root@pam
-  #pass: crazyPassw0rd!
-  token_id: proxlb
-  token_secret: 430e308f-1337-1337-beef-1337beefcafe
-  ssl_verification: False
-  timeout: 10
-
-proxmox_cluster:
-  maintenance_nodes: ['virt66.example.com']
-  ignore_nodes: []
-  overprovisioning: True
-
-balancing:
-  enable: True
-  enforce_affinity: False
-  parallel: False
-  live: True
-  with_local_disks: True
-  balance_types: ['vm', 'ct']
-  max_job_validation: 1800
-  balanciness: 5
-  method: memory
-  mode: assigned
-
-service:
-  daemon: False
-  schedule: 12
-  log_level: DEBUG
-```
-
-### Parameters
-The following options and parameters are currently supported:
-
-| Option | Long Option | Description | Default |
-|------|:------:|------:|------:|
-| -c | --config | Path to a config file. | /etc/proxlb/proxlb.conf (default) |
-| -d | --dry-run | Performs a dry-run without doing any actions. | False |
-| -j | --json | Returns a JSON of the VM movement. | False |
-| -b | --best-node | Returns the best next node for a VM/CT placement (useful for further usage with Terraform/Ansible). | False |
-| -v | --version | Returns the ProxLB version on stdout. | False |
-
-## Affinity & Anti-Affinity Rules
-ProxLB provides an advanced mechanism to define affinity and anti-affinity rules, enabling precise control over virtual machine (VM) placement. These rules help manage resource distribution, improve high availability configurations, and optimize performance within a Proxmox Virtual Environment (PVE) cluster. By leveraging Proxmox’s integrated access management, ProxLB ensures that users can only define and manage rules for guests they have permission to access.
-
-ProxLB implements affinity and anti-affinity rules through a tag-based system within the Proxmox web interface. Each guest (virtual machine or container) can be assigned specific tags, which then dictate its placement behavior. This method maintains a streamlined and secure approach to managing VM relationships while preserving Proxmox’s inherent permission model.
-
-### Affinity Rules
-<img align="left" src="https://cdn.gyptazy.com/images/proxlb-affinity-rules.jpg"/> Affinity rules are used to group certain VMs together, ensuring that they run on the same host whenever possible. This can be beneficial for workloads requiring low-latency communication, such as clustered databases or application servers that frequently exchange data.
-
-To define an affinity rule which keeps all guests assigned to this tag together on a node, users assign a tag with the prefix `plb_affinity_$TAG`:
-
-#### Example for Screenshot
-```
-plb_affinity_talos
-```
-
-As a result, ProxLB will attempt to place all VMs with the `plb_affinity_web` tag on the same host (see also the attached screenshot with the same node).
-
-### Anti-Affinity Rules
-<img align="left" src="https://cdn.gyptazy.com/images/proxlb-anti-affinity-rules.jpg"/> Conversely, anti-affinity rules ensure that designated VMs do not run on the same physical host. This is particularly useful for high-availability setups, where redundancy is crucial. Ensuring that critical services are distributed across multiple hosts reduces the risk of a single point of failure.
-
-To define an anti-affinity rule that ensures to not move systems within this group to the same node, users assign a tag with the prefix:
-
-#### Example for Screenshot
-```
-plb_anti_affinity_ntp
-```
-
-As a result, ProxLB will try to place the VMs with the `plb_anti_affinity_ntp` tag on different hosts (see also the attached screenshot with the different nodes).
-
-**Note:** While this ensures that ProxLB tries distribute these VMs across different physical hosts within the Proxmox cluster this may not always work. If you have more guests attached to the group than nodes in the cluster, we still need to run them anywhere. If this case occurs, the next one with the most free resources will be selected.
-
-## Maintenance
-<img src="https://cdn.gyptazy.com/images/proxlb-rebalancing-demo.gif"/>
-
-The `maintenance_nodes` option allows operators to designate one or more Proxmox nodes for maintenance mode. When a node is set to maintenance, no new guest workloads will be assigned to it, and all existing workloads will be migrated to other available nodes within the cluster. This process ensures that (anti)-affinity rules and resource availability are respected, preventing disruptions while maintaining optimal performance across the infrastructure.
-
-## Misc
-### Bugs
-Bugs can be reported via the GitHub issue tracker [here](https://github.com/gyptazy/ProxLB/issues). You may also report bugs via email or deliver PRs to fix them on your own. Therefore, you might also see the contributing chapter.
-
-### Contributing
-Feel free to add further documentation, to adjust already existing one or to contribute with code. Please take care about the style guide and naming conventions. You can find more in our [CONTRIBUTING.md](https://github.com/gyptazy/ProxLB/blob/main/CONTRIBUTING.md) file.
-
-### Documentation
-You can also find additional and more detailed documentation within the [docs/](https://github.com/gyptazy/ProxLB/tree/main/docs) directory.
-
-### Support
-If you need assistance or have any questions, we offer support through our dedicated [chat room](https://matrix.to/#/#proxlb:gyptazy.com) in Matrix or [Discord](https://discord.gg/JemGu7WbfQ). Join our community for real-time help, advice, and discussions. The Matrix and Discord room are bridged to ensure that the communication is not splitted - so simply feel free to join which fits most to you!
-
-Connect with us in our dedicated chat room for immediate support and live interaction with other users and developers. You can also visit our [GitHub Community](https://github.com/gyptazy/ProxLB/discussions/) to post your queries, share your experiences, and get support from fellow community members and moderators. You may also just open directly an issue [here](https://github.com/gyptazy/ProxLB/issues) on GitHub.
-
-| Support Channel | Link |
-|------|:------:|
-| Matrix | [#proxlb:gyptazy.com](https://matrix.to/#/#proxlb:gyptazy.com) |
-| Discord | [Discord](https://discord.gg/JemGu7WbfQ) |
-| GitHub Community | [GitHub Community](https://github.com/gyptazy/ProxLB/discussions/)
-| GitHub | [ProxLB GitHub](https://github.com/gyptazy/ProxLB/issues) |
-
-**Note:** Please always keep in mind that this is a one-man show project without any further help. This includes coding, testing, packaging and all the infrastructure around it to keep this project up and running.
-
-### Author(s)
- * Florian Paul Azim Hoberg @gyptazy (https://gyptazy.com)
+## Reasons
+You can find more details about this in [my blog post](https://gyptazy.com/blog/proxlb-project-handover-to-credativ/).

config/proxlb_example.yaml

@@ -1,12 +1,15 @@
 proxmox_api:
-  hosts: ['virt01.example.com', '10.10.10.10', 'fe01::bad:code::cafe']
+  hosts: ['virt01.example.com', '10.10.10.10', 'fe01:bad:code::cafe']
   user: root@pam
   pass: crazyPassw0rd!
   # API Token method
   # token_id: proxlb
   # token_secret: 430e308f-1337-1337-beef-1337beefcafe
-  ssl_verification: False
+  ssl_verification: True
   timeout: 10
+  # API Connection retries
+  # retries: 1
+  # wait_time: 1
 
 proxmox_cluster:
   maintenance_nodes: ['virt66.example.com']
@@ -16,16 +19,71 @@ proxmox_cluster:
 balancing:
   enable: True
   enforce_affinity: False
+  enforce_pinning: False
   parallel: False
+  # If running parallel job, you can define
+  # the amount of prallel jobs (default: 5)
+  parallel_jobs: 1
   live: True
   with_local_disks: True
-  balance_types: ['vm', 'ct']
-  max_job_validation: 1800
-  balanciness: 5
-  method: memory
-  mode: assigned
+  with_conntrack_state: True
+  balance_types: ['vm', 'ct']         # 'vm' | 'ct'
+  max_job_validation: 1800            # Maximum time (in seconds) a job validation may take
+  memory_threshold: 75                # Optional: Maximum threshold (in percent) to trigger balancing actions
+  balanciness: 5                      # Maximum delta of resource usage between highest and lowest usage node
+  method: memory                      # 'memory' | 'cpu' | 'disk'
+  mode: used                          # 'assigned' | 'used' | 'psi'
+  balance_larger_guests_first: False  # Option to prioritize balancing of larger or smaller guests first
+  node_resource_reserve:              # Optional: Define resource reservations for nodes (in GB)
+    defaults:                         # Default reservation values applying to all nodes (unless explicitly overridden)
+      memory: 4                       # Default: 4 GB memory reserved per node
+    node01:                           # Specific node reservation override for node 'node01'
+      memory: 6                       # Specific: 6 GB memory reserved for node 'node01'
+  # # PSI thresholds only apply when using mode 'psi'
+  # psi:
+  #   nodes:
+  #     memory:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  #     cpu:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  #     disk:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  #   guests:
+  #     memory:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  #     cpu:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  #     disk:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  pools:                              # Optional: Define affinity/anti-affinity rules per pool
+    dev:                              # Pool name: dev
+      type: affinity                  # Type: affinity (keeping VMs together)
+    de-nbg01-db:                      # Pool name: de-nbg01-db
+      type: anti-affinity             # Type: anti-affinity (spreading VMs apart)
+      pin:                            # Define a pinning og guests to specific node(s)
+        - virt66
+        - virt77
+      strict: False                   # Disable strict mode of node pinning for this pool
 
 service:
-  daemon: False
-  schedule: 12
-  log_level: DEBUG
+  daemon: True
+  schedule:
+    interval: 12
+    format: hours
+  delay:
+    enable: False
+    time: 1
+    format: hours
+  log_level: INFO

debian/changelog

@@ -0,0 +1,127 @@
+proxlb (1.1.11) stable; urgency=medium
+
+  * Add support for native Proxmox HA/Affinity rules. (Closes: #391)
+  * Add safety guard to avoid node overprovisioning. (Closes: #275)
+  * Fix affinity rules pre-validation (avoid rebalancing if already ensured). (Closes: #335)
+  * Add resource reservation support for PVE nodes. (Closes: #373)
+  * Change/Adjust balancing and sorting behaviour. (Closes: #378)
+  * Add control over balancing workloads by prefering smaller/larger guest objects. (Closes: #387)
+  * Fix pinning of guest and node relations when using pool based pinning. (Closes: #395)
+  * Add validation of HA jobs by fetching the related child jobs. (Closes: #402)
+  * Add support for configuring node-pinning strictness (mode: strict/prefer). (Closes: #406)
+  * Fix that tag based ignored guests got still moved. (Closes: #408)
+  * Add parameter to enforce guest node relationships when pinned even when the cluster is balanced. (Closes: #414)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Mon, 12 Jan 2026 11:11:04 +0001
+
+proxlb (1.1.10) stable; urgency=medium
+
+  * Prevent redundant rebalancing by validating existing affinity enforcement before taking actions. (Closes: #335)
+  * Add safety-guard for PVE 8 users when activating conntrack-aware migrations mistakenly. (Closes: #359)
+  * Fix the Proxmox API connection validation which returned a false-positive logging message of timeouts. (Closes: #361)
+  * Refactored the whole Proxmox API connection function. (Closes: #361)
+  * Fix a crash during PVE resource pool enumeration by skipping members not having a 'name' property. (Closes: #368)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Tue, 25 Nov 2025 09:12:04 +0001
+
+proxlb (1.1.9.1) stable; urgency=medium
+
+  * Fix quoting in f-strings which may cause issues on PVE 8 / Debian Bookworm systems. (Closes: #352)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 30 Oct 2025 17:41:02 +0001
+
+proxlb (1.1.9) stable; urgency=medium
+
+  * Add pressure (PSI) based balancing for memory, cpu, disk (req. PVE9 or greater). (Closes: #339)
+  * Add (memory) threshold for nodes before running balancing. (Closes: #342)
+  * Add affinity/anti-affinity support by pools. (Closes: #343)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 30 Oct 2025 06:58:43 +0001
+
+proxlb (1.1.8) stable; urgency=medium
+
+  * Fix API errors when using conntrack aware migration with older PVE version. (Closes: #318)
+  * Add a static ProxLB prefix to the log output when used by journal handler. (Closes: #329)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 09 Oct 2025 09:04:13 +0002
+
+proxlb (1.1.7) stable; urgency=medium
+
+  * Add conntrack state aware migrations of VMs. (Closes: #305)
+  * Add graceful shutdown for SIGINT command. (Closes: #304)
+  * Fix crash when validating absent migration job ids. (Closes: #308)
+  * Fix guest object names are not being evaluated in debug log. (Closes: #310)
+  * Note: Have a great Dutch Proxmox Day 2025!
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 04 Sep 2025 19:23:51 +0000
+
+proxlb (1.1.6.1) stable; urgency=medium
+
+  * Validate for node presence when pinning VMs to avoid crashing. (Closes: #296)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 04 Sep 2025 19:23:51 +0000
+
+proxlb (1.1.6) stable; urgency=medium
+
+  * Add validation for provided API user token id to avoid confusions. (Closes: #291)
+  * Fix stacktrace output when validating permissions on non existing users in Proxmox. (Closes: #291)
+  * Fix Overprovisioning first node if anti_affinity_group has only one member. (Closes: #295)
+  * Validate for node presence when pinning guests to avoid crashing. (Closes: #296)
+  * Fix balancing evaluation of guest types (e.g., VM or CT). (Closes: #268)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 04 Sep 2025 05:12:19 +0000
+
+proxlb (1.1.5) stable; urgency=medium
+
+  * Allow custom API ports instead of fixed tcp/8006. (Closes: #260)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Mon, 14 Jul 2025 11:07:34 +0000
+
+proxlb (1.1.4) stable; urgency=medium
+
+  * Allow pinning of guests to a group of nodes. (Closes: #245)
+  * Modified log levels to make output lighter at INFO level. (Closes: #255)
+  * ixed an issue where balancing was performed in combination of deactivated balancing and dry-run mode. (Closes: #248)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Fri, 27 Jun 2025 16:22:58 +0000
+
+proxlb (1.1.3) stable; urgency=medium
+
+  * Add relaod (SIGHUP) function to ProxLB to reload the configuration. (Closes: #189)
+  * Add optional wait time parameter to delay execution until the service takes action. (Closes: #239)
+  * Make the amount of parallel migrations configurable. (Closes: #241)
+  * Use the average CPU consumption of a guest within the last 60 minutes instead of the current CPU usage. (Closes: #94)
+  * Align maintenance mode with Proxmox HA maintenance mode. (Closes: #232)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 19 Jun 2025 09:10:43 +0000
+
+proxlb (1.1.2) stable; urgency=medium
+
+  * Add a configurable retry mechanism when connecting to the Proxmox API. (Closed: #157)
+  * Add 1-to-1 relationships between guest and hypervisor node to ping a guest on a node. (Closes #218)
+  * Force type cast cpu count of guests to int for some corner cases where a str got returned. (Closed #222)
+  * Fix systemd unit file to run after network on non PVE nodes. (Closes #137)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Mon, 13 May 2025 18:12:04 +0000
+
+proxlb (1.1.1) stable; urgency=medium
+
+  * Fix tag evluation for VMs for being ignored for further balancing. (Closes: #163)
+  * Improve logging verbosity of messages that had a wrong servity. (Closes: #165)
+  * Providing the API upstream error message when migration fails in debug mode (Closes: #205)
+  * Change the default behaviour of the daemon mode to active. (Closes: #176)
+  * Change the default banalcing mode to used instead of assigned. (Closes: #180)
+  * Set cpu_used to the cpu usage, which is a percent, times the total number of cores to get a number where guest cpu_used can be added to nodes cpu_used and be meaningful. (Closes: #195)
+  * Honor the value when balancing should not be performed and stop balancing. (Closes: #174)
+  * Allow the use of minutes instead of hours and only accept hours or minutes in the format. (Closes: #187)
+  * Remove hard coded memory usage from lowest usage node and use method and mode specified in configuration instead. (Closes: #197)
+  * Fix the guest type relationship in the logs when a migration job failed. (Closes: #204)
+  * Requery a guest if that running guest reports 0 cpu usage. (Closes: #200)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Sat, 20 Apr 2025 20:55:02 +0000
+
+proxlb (1.1.0) stable; urgency=medium
+
+  * Refactored code base of ProxLB. (Closes: #114)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Mon, 17 Mar 2025 18:55:02 +0000

debian/control

@@ -0,0 +1,12 @@
+Source: proxlb
+Maintainer: Florian Paul Azim Hoberg <gyptazy@gyptazy.com>
+Section: admin
+Priority: optional
+Standards-Version: 4.5.0
+Build-Depends: debhelper-compat (= 13), dh-python, python3-all, python3-setuptools
+
+Package: proxlb
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends}, python3-requests, python3-urllib3, python3-packaging, python3-proxmoxer, python3-yaml
+Description: An advanced resource scheduler and load balancer for Proxmox clusters
+ An advanced resource scheduler and load balancer for Proxmox clusters that also supports maintenance mode and affinity/anti-affinity rules.

debian/install

@@ -0,0 +1,2 @@
+proxlb /usr/lib/python3/dist-packages/
+service/proxlb.service /lib/systemd/system/

debian/postinst

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+#DEBHELPER#
+if [ "$1" = "configure" ]; then
+    systemctl enable proxlb.service
+    systemctl restart proxlb.service || true
+
+    # Create the 'plb' user if it does not exist
+    if ! id "plb" &>/dev/null; then
+        useradd --system --home /var/lib/proxlb --create-home --shell /usr/sbin/nologin --group nogroup plb
+        echo "User 'plb' created."
+    else
+        echo "User 'plb' already exists, skipping creation."
+    fi
+fi

debian/prerm

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+#DEBHELPER#
+if [ "$1" = "remove" ]; then
+    systemctl stop proxlb.service || true
+    systemctl disable proxlb.service || true
+
+    # Remove the 'plb' user if it exists
+    if id "plb" &>/dev/null; then
+        userdel --remove plb
+        echo "User 'plb' removed."
+    else
+        echo "User 'plb' does not exist, skipping removal."
+    fi
+fi

debian/rules

@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+%:
+	dh $@ --with python3 --buildsystem=pybuild
+

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

docs/01_requirements.md

@@ -0,0 +1,65 @@
+# Table of Contents
+
+- [Requirements](#requirements)
+- [Where To Run?](#where-to-run)
+
+## Requirements
+ProxLB is a sophisticated load balancer designed to enhance the management and distribution of workloads within a Proxmox cluster. By fully utilizing the Proxmox API, ProxLB eliminates the need for additional SSH access, streamlining cluster management while maintaining robust security. This chapter outlines the general requirements necessary to deploy and operate ProxLB effectively.
+
+### Proxmox Cluster Requirements
+To use ProxLB, you must have an existing Proxmox cluster consisting of at least two nodes. While traditional load balancers often struggle to manage minimal node configurations, ProxLB is optimized to provide efficient load distribution even in a two-node environment. The more nodes present in the cluster, the better ProxLB can optimize resource usage and manage workloads.
+
+### ProxLB Package Requirements
+Next to the previously mentioned requirements, ProxLB also requires you to fit the following ones:
+* Python3.x
+* proxmoxer
+* requests
+* urllib3
+* pyyaml
+
+### Seamless API Integration
+ProxLB relies exclusively on the Proxmox API for all management tasks. This eliminates the need for direct SSH access, ensuring a cleaner and more secure interaction with the cluster. The API integration allows ProxLB to:
+
+- Monitor cluster health and node resource utilization
+- Migrate virtual machines (VMs) and containers as needed
+- Manage storage utilization and distribution
+- Implement load balancing policies
+
+### Authentication and Security Standards
+ProxLB fully supports Proxmox’s integrated user management system, providing robust authentication and access control. Key features include:
+
+- **Multi-Factor Authentication (MFA):** Enhances security by requiring multiple verification methods.
+- **API Key Support:** ProxLB can utilize API keys for authentication instead of traditional username/password combinations, minimizing exposure to credentials.
+- **Role-Based Access Control (RBAC):** Ensures administrators have fine-grained control over user permissions.
+
+### Flexible Storage Support
+ProxLB offers versatile storage management options, supporting both local and shared storage types. It efficiently balances storage workloads across the cluster using the following storage systems:
+
+- **Local Storage:** Direct-attached storage on each node.
+- **Shared Storage:** Includes options like iSCSI, NVMeOF, and NFS for centralized storage solutions.
+- **Ceph:** Integrated support for Ceph distributed storage, providing high availability and fault tolerance.
+
+### Network Infrastructure Requirements
+For optimal performance, ProxLB requires a reliable and high-speed network connection between the nodes in the cluster. Ensure that the network infrastructure meets the following criteria:
+
+- **Low Latency:** Essential for real-time load balancing and VM migration.
+- **Sufficient Bandwidth:** Adequate to handle storage access, data replication, and migration traffic.
+- **Redundant Network Paths:** Recommended for increased fault tolerance and uptime.
+
+### System Resource Allocation
+ProxLB itself requires minimal system resources to operate. However, for managing larger clusters or high workloads, ensure the node running ProxLB has adequate resources available:
+
+- **CPU:** A modern multi-core processor.
+- **Memory:** At least 2 GB of RAM.
+- **Storage:** Minimal disk space for configuration files and logs.
+
+
+## Where To Run?
+ProxLB is lightweight and flexible where it runs on nearly any environment and only needs access to your Proxmox host’s API endpoint (commonly TCP port 8006).
+
+Therefore, you can simply run ProxLB on:
+* Bare-metal Systems
+* VMs (even inside the Proxmox cluster)
+* Docker/Podman Container
+* LXC Container
+* On a Proxmox node

docs/02_installation.md

@@ -0,0 +1,186 @@
+# Table of Contents
+
+- [Installation](#installation)
+  - [Requirements / Dependencies](#requirements--dependencies)
+  - [Debian Package](#debian-package)
+    - [Quick-Start](#quick-start)
+    - [Details](#details)
+    - [Debian Packages (.deb files)](#debian-packages-deb-files)
+    - [Repo Mirror and Proxmox Offline Mirror Support](#repo-mirror-and-proxmox-offline-mirror-support)
+  - [RedHat Package](#redhat-package)
+  - [Container Images / Docker](#container-images--docker)
+    - [Overview of Images](#overview-of-images)
+  - [Source](#source)
+    - [Traditional System](#traditional-system)
+    - [Container Image](#container-image)
+- [Upgrading](#upgrading)
+  - [Upgrading from < 1.1.0](#upgrading-from--110)
+  - [Upgrading from >= 1.1.0](#upgrading-from--110)
+
+
+## Installation
+### Requirements / Dependencies
+* Python3.x
+* proxmoxer
+* requests
+* urllib3
+* pyyaml
+
+The dependencies can simply be installed with `pip` by running the following command:
+```
+pip install -r requirements.txt
+```
+
+*Note: Distribution packages, such like the provided `.deb` package will automatically resolve and install all required dependencies by using already packaged version from the distribution's repository. By using the Docker (container) image or Debian packages, you do not need to take any care of the requirements listed here.*
+
+### Debian Package
+ProxLB is a powerful and flexible load balancer designed to work across various architectures, including `amd64`, `arm64`, `rv64` and many other ones that support Python. It runs independently of the underlying hardware, making it a versatile choice for different environments. This chapter covers the step-by-step process to install ProxLB on Debian-based systems, including Debian clones like Ubuntu.
+
+#### Quick-Start
+You can simply use this snippet to install the repository and to install ProxLB on your system.
+
+```bash
+echo "deb https://repo.gyptazy.com/stable /" > /etc/apt/sources.list.d/proxlb.list
+wget -O /etc/apt/trusted.gpg.d/proxlb.asc https://repo.gyptazy.com/repository.gpg
+apt-get update && apt-get -y install proxlb
+cp /etc/proxlb/proxlb_example.yaml /etc/proxlb/proxlb.yaml
+# Adjust the config to your needs
+vi /etc/proxlb/proxlb.yaml
+systemctl start proxlb
+```
+
+Afterwards, ProxLB is running in the background and balances your cluster by your defined balancing method (default: memory).
+
+#### Details
+ProxLB provides two different repositories:
+* https://repo.gyptazy.com/stable (only stable release)
+* https://repo.gyptazy.com/testing (bleeding edge - not recommended)
+
+The repository is signed and the GPG key can be found at:
+* https://repo.gyptazy.com/repository.gpg
+
+You can also simply import it by running:
+
+```
+# KeyID:  17169F23F9F71A14AD49EDADDB51D3EB01824F4C
+# UID:    gyptazy Solutions Repository <contact@gyptazy.com>
+# SHA256: 52c267e6f4ec799d40cdbdb29fa518533ac7942dab557fa4c217a76f90d6b0f3  repository.gpg
+
+wget -O /etc/apt/trusted.gpg.d/proxlb.asc https://repo.gyptazy.com/repository.gpg
+```
+
+*Note: The defined repositories `repo.gyptazy.com` and `repo.proxlb.de` are the same!*
+
+#### Debian Packages (.deb files)
+If you do not want to use the repository you can also find the debian packages as a .deb file on gyptazy's CDN at:
+* https://cdn.gyptazy.com/files/os/debian/proxlb/
+
+Afterwards, you can simply install the package by running:
+```bash
+dpkg -i proxlb_*.deb
+cp /etc/proxlb/proxlb_example.yaml /etc/proxlb/proxlb.yaml
+# Adjust the config to your needs
+vi /etc/proxlb/proxlb.yaml
+systemctl start proxlb
+```
+
+#### Repo Mirror and Proxmox Offline Mirror Support
+ProxLB uses the supported flat mirror style for the Debian repository. Unfortunately, not all offline-mirror applications support it. One of the known ones is the official *proxmox-offline-mirror* which is unable to handle flat repositories (see also: [#385](https://github.com/gyptazy/ProxLB/issues/385)).
+
+Therefore, we currently operate and support both ways to avoid everyone force switching to the new repository. As a result, you can simply use this repository:
+```
+deb https://repo.gyptazy.com/proxlb stable main
+```
+
+**Example Config for proxmox-offline-mirror:**
+
+An example config for the proxmox-offline-mirror would look like:
+```
+mirror: proxlb
+    architectures amd64
+    base-dir /var/lib/proxmox-offline-mirror/mirrors/
+    key-path /etc/apt/trusted.gpg.d/proxlb.asc
+    repository deb https://repo.gyptazy.com/proxlb stable main
+    sync true
+    verify true
+```
+
+### RedHat Package
+There's currently no official support for RedHat based systems. However, there's a dummy .rpm package for such systems in the pipeline which can be found here:
+* https://github.com/gyptazy/ProxLB/actions/workflows/20-pipeline-build-rpm-package.yml
+
+
+### Container Images / Docker
+Using the ProxLB container images is straight forward and only requires you to mount the config file.
+
+```bash
+# Pull the image
+docker pull cr.gyptazy.com/proxlb/proxlb:latest
+# Download the config
+wget -O proxlb.yaml https://raw.githubusercontent.com/gyptazy/ProxLB/refs/heads/main/config/proxlb_example.yaml
+# Adjust the config to your needs
+vi proxlb.yaml
+# Start the ProxLB container image with the ProxLB config
+docker run -it --rm -v $(pwd)/proxlb.yaml:/etc/proxlb/proxlb.yaml proxlb
+```
+
+*Note: ProxLB container images are officially only available at cr.proxlb.de and cr.gyptazy.com.* 
+
+#### Overview of Images
+| Version | Image |
+|------|:------:|
+| latest | cr.gyptazy.com/proxlb/proxlb:latest |
+| v1.1.0 | cr.gyptazy.com/proxlb/proxlb:v1.1.0 |
+| v1.0.6 | cr.gyptazy.com/proxlb/proxlb:v1.0.6 |
+| v1.0.5 | cr.gyptazy.com/proxlb/proxlb:v1.0.5 |
+| v1.0.4 | cr.gyptazy.com/proxlb/proxlb:v1.0.4 |
+| v1.0.3 | cr.gyptazy.com/proxlb/proxlb:v1.0.3 |
+| v1.0.2 | cr.gyptazy.com/proxlb/proxlb:v1.0.2 |
+| v1.0.0 | cr.gyptazy.com/proxlb/proxlb:v1.0.0 |
+| v0.9.9 | cr.gyptazy.com/proxlb/proxlb:v0.9.9 |
+
+### Source
+ProxLB can also easily be used from the provided sources - for traditional systems but also as a Docker/Podman container image.
+
+#### Traditional System
+Setting up and running ProxLB from the sources is simple and requires just a few commands. Ensure Python 3 and the Python dependencies are installed on your system, then run ProxLB using the following command:
+```bash
+git clone https://github.com/gyptazy/ProxLB.git
+cd ProxLB
+```
+
+Afterwards simply adjust the config file to your needs:
+```bash
+vi config/proxlb.yaml
+```
+
+Start ProxLB by Python3 on the system:
+```bash
+python3 proxlb/main.py -c config/proxlb.yaml
+```
+
+#### Container Image
+Creating a container image of ProxLB is straightforward using the provided Dockerfile. The Dockerfile simplifies the process by automating the setup and configuration required to get ProxLB running in an Alpine container. Simply follow the steps in the Dockerfile to build the image, ensuring all dependencies and configurations are correctly applied. For those looking for an even quicker setup, a ready-to-use ProxLB container image is also available, eliminating the need for manual building and allowing for immediate deployment.
+
+```bash
+git clone https://github.com/gyptazy/ProxLB.git
+cd ProxLB
+docker build -t proxlb .
+```
+
+Afterwards simply adjust the config file to your needs:
+```bash
+vi config/proxlb.yaml
+```
+
+Finally, start the created container.
+```bash
+docker run -it --rm -v $(pwd)/proxlb.yaml:/etc/proxlb/proxlb.yaml proxlb
+```
+
+## Upgrading
+### Upgrading from < 1.1.0
+Upgrading ProxLB is not supported due to a fundamental redesign introduced in version 1.1.x. With this update, ProxLB transitioned from a monolithic application to a pure Python-style project, embracing a more modular and flexible architecture. This shift aimed to improve maintainability and extensibility while keeping up with modern development practices. Additionally, ProxLB moved away from traditional ini-style configuration files and adopted YAML for configuration management. This change simplifies configuration handling, reduces the need for extensive validation, and ensures better type casting, ultimately providing a more streamlined and user-friendly experience.
+
+### Upgrading from >= 1.1.0
+Uprading within the current stable versions, starting from 1.1.0, will be possible in all supported ways.

docs/03_configuration.md

@@ -0,0 +1,377 @@
+# Table of Contents
+
+1. [Authentication / User Accounts / Permissions](#authentication--user-accounts--permissions)
+    1. [Authentication](#authentication)
+    2. [Creating a Dedicated User](#creating-a-dedicated-user)
+    3. [Creating an API Token for a User](#creating-an-api-token-for-a-user)
+    4. [Required Permissions for a User](#required-permissions-for-a-user)
+2. [Configuration](#configuration)
+    1. [Affinity & Anti-Affinity Rules](#affinity--anti-affinity-rules)
+        1. [Affinity Rules](#affinity-rules)
+        2. [Anti-Affinity Rules](#anti-affinity-rules)
+        3. [Affinity / Anti-Affinity Enforcing](#affinity--anti-affinity-enforcing)
+        4. [Ignore VMs](#ignore-vms)
+        5. [Pin VMs to Hypervisor Nodes](#pin-vms-to-hypervisor-nodes)
+    2. [API Loadbalancing](#api-loadbalancing)
+    3. [Ignore Host-Nodes or Guests](#ignore-host-nodes-or-guests)
+    4. [IPv6 Support](#ipv6-support)
+    5. [Logging / Log-Level](#logging--log-level)
+    6. [Parallel Migrations](#parallel-migrations)
+    7. [Run as a Systemd-Service](#run-as-a-systemd-service)
+    8. [SSL Self-Signed Certificates](#ssl-self-signed-certificates)
+    9. [Node Maintenances](#node-maintenances)
+    10. [Balancing Methods](#balancing-methods)
+        1. [Used Resources](#used-resources)
+        2. [Assigned Resources](#assigned-resources)
+        3. [Pressure (PSI) based Resources](#pressure-psi-based-resources)
+
+## Authentication / User Accounts / Permissions
+### Authentication
+ProxLB supports the traditional username and password authentication method, which is familiar to many users. This method requires users to provide their credentials (username and password) to gain access to the Proxmox system. While this method is straightforward and easy to implement, it has several security limitations. Username and password combinations can be vulnerable to brute force attacks, where an attacker systematically attempts various combinations until the correct one is found. If a user's credentials are compromised through phishing, malware, or other means, the attacker can gain unauthorized access to the system. Additionally, traditional authentication does not provide granular control over permissions and access levels, potentially exposing sensitive operations to unauthorized users.
+
+To enhance security, ProxLB supports API token authentication. API tokens are unique identifiers that are used to authenticate API requests. They offer several advantages over traditional username and password authentication. API tokens are more secure as they are typically long, random strings that are difficult to guess. They can be revoked and regenerated as needed, reducing the risk of unauthorized access. API tokens can be associated with specific user accounts that have only the required permissions, ensuring that users only have access to the resources and operations they need. Furthermore, API tokens can be used for automated scripts and applications, facilitating seamless integration with other systems and services.
+
+When Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) is enabled in the Proxmox cluster, the system enforces the use of API tokens for authentication. This is because traditional username and password authentication is not considered secure enough in conjunction with MFA/2FA. To ensure the highest level of security when using API tokens, follow these best practices: Use dedicated user accounts for API tokens, each with only the necessary permissions. This limits the potential impact of a compromised token. Ensure that API tokens are long, random, and unique. Avoid using easily guessable patterns or sequences. Periodically regenerate and replace API tokens to minimize the risk of long-term exposure. Store API tokens securely, using environment variables or secure vaults. Avoid hardcoding tokens in source code or configuration files. Regularly monitor and audit the usage of API tokens to detect any suspicious activity or unauthorized access.
+
+### Creating a Dedicated User
+It is advisable to avoid using the default root@pam user for balancing tasks in ProxLB. Instead, creating a dedicated user account is recommended and can be done easily. You can create a new user through the GUI, API, or CLI. While the detailed roles required for balancing are outlined in the next chapter, you can also use the following CLI commands to create a user with the necessary roles to manage Virtual Machines (VMs) and Containers (CTs):
+
+```
+pveum role add proxlb --privs Datastore.Audit,Sys.Audit,VM.Audit,VM.Migrate
+pveum user add proxlb@pve --password <password>
+pveum acl modify / --roles proxlb --users proxlb@pve
+```
+
+*Note: The user management can also be done on the WebUI without invoking the CLI.*
+
+### Creating an API Token for a User
+Create an API token for user proxlb@pve with token ID proxlb and deactivated privilege separation:
+```
+pveum user token add proxlb@pve proxlb --privsep 0
+```
+
+Afterwards, you get the token secret returned. You can now add those entries to your ProxLB config. Make sure, that you also keep the `user` parameter, next to the new token parameters.
+
+> [!IMPORTANT]  
+> The parameter `pass` then needs to be **absent**! You should also take care about the privilege and authentication mechanism behind Proxmox. You might want or even might not want to use privilege separation and this is up to your personal needs and use case.
+
+| Proxmox API  | ProxLB Config  | Example  |
+|---|---|---|
+| User  | [user](https://github.com/gyptazy/ProxLB/blob/main/config/proxlb_example.yaml#L3) | proxlb@pve  |
+| Token ID  | [token_id](https://github.com/gyptazy/ProxLB/blob/main/config/proxlb_example.yaml#L6) | proxlb  |
+| Token Secret  | [token_secret](https://github.com/gyptazy/ProxLB/blob/main/config/proxlb_example.yaml#L7)  |  430e308f-1337-1337-beef-1337beefcafe |
+
+*Note: The API token configuration can also be done on the WebUI without invoking the CLI.*
+
+### Required Permissions for a User
+To ensure that ProxLB operates effectively and securely, it is essential to assign the appropriate permissions to the user accounts responsible for managing the load balancing tasks. The following permissions are the minimum required for a user to perform essential ProxLB operations:
+
+* `Datastore.Audit`: Grants the ability to audit and view datastore information.
+* `Sys.Audit`: Allows the user to audit and view system information.
+* `VM.Audit`: Enables the user to audit and view virtual machine details.
+* `VM.Migrate`: Provides the permission to migrate virtual machines.
+
+Assigning these permissions ensures that the user can access necessary information and perform critical operations related to load balancing without granting excessive privileges. This practice helps maintain a secure and efficient ProxLB environment.
+
+## Configuration
+
+### Affinity & Anti-Affinity Rules
+ProxLB provides an advanced mechanism to define affinity and anti-affinity rules, enabling precise control over virtual machine (VM) placement. These rules help manage resource distribution, improve high availability configurations, and optimize performance within a Proxmox Virtual Environment (PVE) cluster. By leveraging Proxmox’s integrated access management, ProxLB ensures that users can only define and manage rules for guests they have permission to access.
+
+ProxLB implements affinity and anti-affinity rules through a tag-based system within the Proxmox web interface. Each guest (virtual machine or container) can be assigned specific tags, which then dictate its placement behavior. This method maintains a streamlined and secure approach to managing VM relationships while preserving Proxmox’s inherent permission model.
+
+#### Affinity Rules by Tags
+<img align="left" src="https://cdn.gyptazy.com/img/proxlb-affinity-rules.jpg"/> Affinity rules are used to group certain VMs together, ensuring that they run on the same host whenever possible. This can be beneficial for workloads requiring low-latency communication, such as clustered databases or application servers that frequently exchange data.
+
+To define an affinity rule which keeps all guests assigned to this tag together on a node, users assign a tag with the prefix `plb_affinity_$TAG`:
+
+##### Example for Screenshot
+```
+plb_affinity_talos
+```
+
+As a result, ProxLB will attempt to place all VMs with the `plb_affinity_web` tag on the same host (see also the attached screenshot with the same node).
+
+#### Affinity Rules by Pools
+Antoher approach is by using pools in Proxmox. This way, it can easily also combined with other resources like backup jobs. However, in this approach you need to modify the ProxLB config file to your needs. Within the `balancing` section you can create a dict of pools, including the pool name and the affinity type. Please see the example for further details:
+
+**Example Config**
+```
+balancing:
+  [...]
+  pools:                              # Optional: Define affinity/anti-affinity rules per pool
+    dev:                              # Pool name: dev
+      type: affinity                  # Type: affinity (keeping VMs together)
+```
+
+#### Anti-Affinity Rules by Tags
+<img align="left" src="https://cdn.gyptazy.com/img/proxlb-anti-affinity-rules.jpg"/> Conversely, anti-affinity rules ensure that designated VMs do not run on the same physical host. This is particularly useful for high-availability setups, where redundancy is crucial. Ensuring that critical services are distributed across multiple hosts reduces the risk of a single point of failure.
+
+To define an anti-affinity rule that ensures to not move systems within this group to the same node, users assign a tag with the prefix:
+
+##### Example for Screenshot
+```
+plb_anti_affinity_ntp
+```
+
+As a result, ProxLB will try to place the VMs with the `plb_anti_affinity_ntp` tag on different hosts (see also the attached screenshot with the different nodes).
+
+**Note:** While this ensures that ProxLB tries distribute these VMs across different physical hosts within the Proxmox cluster this may not always work. If you have more guests attached to the group than nodes in the cluster, we still need to run them anywhere. If this case occurs, the next one with the most free resources will be selected.
+
+#### Anti-Affinity Rules by Pools
+Antoher approach is by using pools in Proxmox. This way, it can easily also combined with other resources like backup jobs. However, in this approach you need to modify the ProxLB config file to your needs. Within the `balancing` section you can create a dict of pools, including the pool name and the affinity type. Please see the example for further details:
+
+**Example Config**
+```
+balancing:
+  [...]
+  pools:                              # Optional: Define affinity/anti-affinity rules per pool
+    de-nbg01-db:                      # Pool name: de-nbg01-db
+      type: anti-affinity                  # Type: anti-affinity (spreading VMs apart)
+````
+
+### Affinity / Anti-Affinity Enforcing
+When a cluster is already balanced and does not require further adjustments, enabling the enforce_affinity parameter ensures that affinity and anti-affinity rules are still respected. This parameter prioritizes the placement of guest objects according to these rules, even if it leads to slight resource imbalances or increased migration overhead. Regularly reviewing and updating these rules, along with monitoring cluster performance, helps maintain optimal performance and reliability. By carefully managing these aspects, you can create a cluster environment that meets your specific needs and maintains a good balance of resources.
+
+```
+balancing:
+  enforce_affinity: True
+```
+
+*Note: This may have impacts to the cluster. Depending on the created group matrix, the result may also be an unbalanced cluster.*
+
+### Ignore VMs / CTs
+<img align="left" src="https://cdn.gyptazy.com/img/proxlb-ignore-vm-movement.jpg"/> Guests, such as VMs or CTs, can also be completely ignored. This means, they won't be affected by any migration (even when (anti-)affinity rules are enforced). To ensure a proper resource evaluation, these guests are still collected and evaluated but simply skipped for balancing actions. Another thing is the implementation. While ProxLB might have a very restricted configuration file including the file permissions, this file is only read- and writeable by the Proxmox administrators. However, we might have user and groups who want to define on their own that their systems shouldn't be moved. Therefore, these users can simpy set a specific tag to the guest object - just like the (anti)affinity rules.
+
+To define a guest to be ignored from the balancing, users assign a tag with the prefix `plb_ignore_$TAG`:
+
+#### Example for Screenshot
+```
+plb_ignore_dev
+```
+
+As a result, ProxLB will not migrate this guest with the `plb_ignore_dev` tag to any other node.
+
+**Note:** Ignored guests are really ignored. Even by enforcing affinity rules this guest will be ignored.
+
+### Pin VMs to Specific Hypervisor Nodes
+<img align="left" src="https://cdn.gyptazy.com/images/proxlb-tag-node-pinning.jpg"/> Guests, such as VMs or CTs, can also be pinned to specific nodes in the cluster. This might be usefull when running applications with some special licensing requirements that are only fulfilled on certain nodes. It might also be interesting, when some physical hardware is attached to a node, that is not available in general within the cluster.
+
+To pin a guest to a specific cluster node, users assign a tag with the prefix `plb_pin_$nodename` to the desired guest:
+
+#### Example for Screenshot
+```
+plb_pin_node03
+```
+
+As a result, ProxLB will pin the guest `dev-vm01` to the node `virt03`.
+
+You can also repeat this step multiple times for different node names to create a potential group of allowed hosts where a the guest may be served on. In this case, ProxLB takes the node with the lowest used resources according to the defined balancing values from this group.
+
+**Note:** The given node names from the tag are validated. This means, ProxLB validated if the given node name is really part of the cluster. In case of a wrongly defined or unavailable node name it continous to use the regular processes to make sure the guest keeps running.
+
+### API Loadbalancing
+ProxLB supports API loadbalancing, where one or more host objects can be defined as a list. This ensures, that you can even operator ProxLB without further changes when one or more nodes are offline or in a maintenance. When defining multiple hosts, the first reachable one will be picked. You can speficy custom ports in the list. There are 4 ways of defining hosts with ports:
+1. Hostname of IPv4 without port (in this case the default 8006 will be used)
+2. Hostname or IPv4 with port
+3. IPv6 in brackets with optional port
+4. IPv6 without brackets, in this case the port is assumed after last colon
+
+```
+proxmox_api:
+  hosts: ['virt01.example.com', '10.10.10.10', 'fe01::bad:code::cafe', 'virt01.example.com:443', '[fc00::1]', '[fc00::1]:443', 'fc00::1:8006']
+```
+
+### Ignore Host-Nodes or Guests
+In managing a Proxmox environment, it's often necessary to exclude certain host nodes and guests from various operations. For host nodes, this exclusion can be achieved by specifying them in the ignore_nodes parameter within the proxmox_api chapter, effectively preventing any automated processes from interacting with these nodes. Guests, on the other hand, can be ignored by assigning them a specific tag that starts with or is equal to plb_ignore, ensuring they are omitted from any automated tasks or monitoring. By implementing these configurations, administrators can fine-tune their Proxmox management to focus only on relevant nodes and guests, optimizing operational efficiency and resource allocation.
+
+```
+proxmox_cluster:
+  ignore_nodes: ['node01', 'node02']
+```
+
+### IPv6 Support
+Yes, ProxLB fully supports IPv6.
+
+### Logging / Log-Level
+ProxLB supports systemd for seamless service management on Linux distributions. To enable this, create a proxLB.service file in /etc/systemd/system/ from `service/proxlb.service` within this repository.
+
+On systems without systemd, such as FreeBSD and macOS, ProxLB runs with similar configurations but logs to stdout and stderr. The logging level and verbosity can be set in the `service` section of the configuration file:
+
+```
+service:
+  log_level: DEBUG
+```
+
+ProxLB only support the following log levels:
+* INFO
+* WARNING
+* CRITICAL
+* DEBUG
+
+### Parallel Migrations
+By default, parallel migrations are deactivated. This means, that a guest object gets migrated and the migration job is being watched until the VM or CT got moved to a new node. However, this may take a lot of time and many environments are fast enough to handle the IO load for multiple guest objects. However, there are always corner cases and this depends on your setup. Parallel migrations can be enabled by setting `parallel` to `True` within the `balancing` chapter:
+
+```
+balancing:
+  parallel: False
+```
+
+### Run as a Systemd-Service
+The proxlb systemd unit orchestrates the ProxLB application. ProxLB can be used either as a one-shot solution or run periodically, depending on the configuration specified in the daemon chapter of its configuration file.
+
+```
+service:
+  daemon: False
+    schedule:
+      interval: 12
+      format: hours
+```
+
+In this configuration:
+* `daemon`: False indicates that the ProxLB application is not running as a daemon and will execute as a one-shot solution.
+* `schedule`: 12 defines the interval for the schedule, specifying how often rebalancing should be done if running as a daemon.
+* `format`: Defines the given format of schedule where you can choose between `hours` or `minutes`.
+
+### SSL Self-Signed Certificates
+If you are using SSL self-signed certificates or non-valid certificated in general and do not want to deal with additional trust levels, you may also disable the SSL validation. This may mostly be helpful for dev- & test labs.
+
+SSL certificate validation can be disabled in the `proxmox_api` section in the config file by setting:
+```
+proxmox_api:
+    ssl_verification: False
+```
+
+*Note: Disabling SSL certificate validation is not recommended.*
+
+### Node Maintenances
+To exclude specific nodes from receiving any new workloads during the balancing process, the `maintenance_nodes` configuration option can be used. This option allows administrators to define a list of nodes that are currently undergoing maintenance or should otherwise not be used for running virtual machines or containers.
+
+```yaml
+maintenance_nodes:
+  - virt66.example.com
+```
+
+which can also be written as:
+
+```yaml
+maintenance_nodes: ['virt66.example.com']
+```
+
+The maintenance_nodes key must be defined as a list, even if it only includes a single node. Each entry in the list must exactly match the node name as it is known within the Proxmox VE cluster. Do not use IP addresses, alternative DNS names, or aliases—only the actual cluster node names are valid. Once a node is marked as being in maintenance mode:
+
+* No new workloads will be balanced or migrated onto it.
+* Any existing workloads currently running on the node will be migrated away in accordance with the configured balancing strategies, assuming resources on other nodes allow. 
+
+This feature is particularly useful during planned maintenance, upgrades, or troubleshooting, ensuring that services continue to run with minimal disruption while the specified node is being worked on.
+
+## 10. Balancing Methods
+ProxLB provides multiple balancing modes that define *how* resources are evaluated and compared during cluster balancing.
+Each mode reflects a different strategy for determining load and distributing guests (VMs or containers) between nodes.
+
+Depending on your environment, provisioning strategy, and performance goals, you can choose between:
+
+| Mode | Description | Typical Use Case |
+|------|--------------|------------------|
+| `used` | Uses the *actual runtime resource usage* (e.g. CPU, memory, disk). | Dynamic or lab environments with frequent workload changes and tolerance for overprovisioning. |
+| `assigned` | Uses the *statically defined resource allocations* from guest configurations. | Production or SLA-driven clusters that require guaranteed resources and predictable performance. |
+| `psi` | Uses Linux *Pressure Stall Information (PSI)* metrics to evaluate real system contention and pressure. | Advanced clusters that require pressure-aware decisions for proactive rebalancing. |
+
+### 10.1 Used Resources
+When **mode: `used`** is configured, ProxLB evaluates the *real usage metrics* of guest objects (VMs and CTs).
+It collects the current CPU, memory, and disk usage directly from the Proxmox API to determine the *actual consumption* of each guest and node.
+
+This mode is ideal for **dynamic environments** where workloads frequently change and **overprovisioning is acceptable**. It provides the most reactive balancing behavior, since decisions are based on live usage instead of static assignment.
+
+Typical scenarios include:
+- Production environments to distribute workloads across the nodes.
+- Test or development clusters with frequent VM changes.
+- Clusters where resource spikes are short-lived.
+- Environments where slight resource contention is tolerable.
+
+#### Example Configuration
+```yaml
+balancing:
+  mode: used
+```
+
+### 10.2 Assigned Resources
+When **mode: `assigned`** is configured, ProxLB evaluates the *provisioned or allocated resources* of each guest (VM or CT) instead of their runtime usage.
+It uses data such as **CPU cores**, **memory limits**, and **disk allocations** defined in Proxmox to calculate how much of each node’s capacity is reserved.
+
+This mode is ideal for **production clusters** where:
+- Overcommitment is *not allowed or only minimally tolerated*.
+- Each node’s workload is planned based on the assigned capacities.
+- Administrators want predictable resource distribution aligned with provisioning policies.
+
+Unlike the `used` mode, `assigned` focuses purely on the *declared configuration* of guests and remains stable even if actual usage varies temporarily.
+
+Typical scenarios include:
+- Enterprise environments with SLA or QoS requirements.
+- Clusters where workloads are sized deterministically.
+- Situations where consistent node utilization and capacity awareness are crucial.
+
+#### Example Configuration
+```yaml
+balancing:
+  mode: assigned
+```
+
+### 10.3 Pressure (PSI) based Resources
+> [!IMPORTANT]
+> PSI based balancing is still in beta! If you find any bugs, please raise an issue including metrics of all nodes and affected guests. You can provide metrics directly from PVE or Grafana (via node_exporter or pve_exporter).
+
+When **mode: `psi`** is configured, ProxLB uses the **Linux Pressure Stall Information (PSI)** interface to measure the *real-time pressure* on system resources such as **CPU**, **memory**, and **disk I/O**.
+Unlike the `used` or `assigned` modes, which rely on static or average metrics, PSI provides *direct insight into how often and how long tasks are stalled* because of insufficient resources.
+
+This enables ProxLB to make **proactive balancing decisions** — moving workloads *before* performance degradation becomes visible to the user.
+
+**IMPORTANT**: Predicting distributing workloads is dangerous and might not result into the expected state. Therefore, ProxLB migrates only a single instance each 60 minutes to obtain new real-metrics and to validate if further changes are required. Keep in mind, that migrations are also costly and should be avoided as much as possible.
+
+PSI metrics are available for both **nodes** and **guest objects**, allowing fine-grained balancing decisions:
+- **Node-level PSI:** Detects cluster nodes under systemic load or contention.
+- **Guest-level PSI:** Identifies individual guests suffering from memory, CPU, or I/O stalls.
+
+### PSI Metrics Explained
+Each monitored resource defines three pressure thresholds:
+| Key | Description |
+|-----|--------------|
+| `pressure_some` | Indicates partial stall conditions where some tasks are waiting for a resource. |
+| `pressure_full` | Represents complete stall conditions where *all* tasks are blocked waiting for a resource. |
+| `pressure_spikes` | Defines short-term burst conditions that may signal saturation spikes. |
+
+These thresholds are expressed in **percentages** and represent how much time the kernel reports stalls over specific averaging windows (e.g. 5s, 10s, 60s).
+
+### Example Configuration
+
+```yaml
+balancing:
+  mode: psi
+  psi:
+    nodes:
+      memory:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+      cpu:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+      disk:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+    guests:
+      memory:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+      cpu:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+      disk:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+```

docs/99-faq.md

@@ -0,0 +1,24 @@
+## Table of Contents
+
+1. [GUI Integration](#gui-integration)
+    - [How to install pve-proxmoxlb-service-ui package](https://github.com/gyptazy/ProxLB/issues/44)
+2. [Proxmox HA Integration](#proxmox-ha-integration)
+    - [Host groups: Honour HA groups](https://github.com/gyptazy/ProxLB/issues/65)
+
+### GUI Integration
+<img align="left" src="https://cdn.gyptazy.com/images/proxlb-GUI-integration.jpg"/> ProxLB can also be accessed through the Proxmox Web UI by installing the optional `pve-proxmoxlb-service-ui` package, which depends on the proxlb package. For full Web UI integration, this package must be installed on all nodes within the cluster. Once installed, a new menu item - `Rebalancing`, appears in the cluster level under the HA section. Once installed, it offers two key functionalities:
+* Rebalancing VM workloads
+* Migrate VM workloads away from a defined node (e.g. maintenance preparation)
+
+**Note:** This package is currently discontinued and will be readded at a later time. See also: [#44: How to install pve-proxmoxlb-service-ui package](https://github.com/gyptazy/ProxLB/issues/44).
+
+### Proxmox HA Integration
+Proxmox HA (High Availability) groups are designed to ensure that virtual machines (VMs) remain running within a Proxmox cluster. HA groups define specific rules for where VMs should be started or migrated in case of node failures, ensuring minimal downtime and automatic recovery.
+
+However, when used in conjunction with ProxLB, the built-in load balancer for Proxmox, conflicts can arise. ProxLB operates with its own logic for workload distribution, taking into account affinity and anti-affinity rules. While it effectively balances guest workloads, it may re-shift and redistribute VMs in a way that does not align with HA group constraints, potentially leading to unsuitable placements.
+
+Due to these conflicts, it is currently not recommended to use both HA groups and ProxLB simultaneously. The interaction between the two mechanisms can lead to unexpected behavior, where VMs might not adhere to HA group rules after being moved by ProxLB.
+
+A solution to improve compatibility between HA groups and ProxLB is under evaluation, aiming to ensure that both features can work together without disrupting VM placement strategies.
+
+See also: [#65: Host groups: Honour HA groups](https://github.com/gyptazy/ProxLB/issues/65).

helm/proxlb/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: proxlb
+description: A Helm chart for self-hosted ProxLB
+type: application
+version: "1.1.11"
+appVersion: "v1.1.11"

helm/proxlb/templates/_helpers.yaml

@@ -0,0 +1,13 @@
+{{- define "proxlb.fullname" -}}
+{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{ define "proxlb.labels" }}
+app.kubernetes.io/name: {{ .Release.Name }}
+app.kubernetes.io/managed-by: Helm
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+app.kubernetes.io/component: proxlb
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{ end }}

helm/proxlb/templates/configmap.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.configmap.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: proxlb-config
+  labels:
+    {{- include "proxlb.labels" . | nindent 4 }}
+data:
+  proxlb.yaml: |
+{{ toYaml .Values.configmap.config | indent 4 }}
+{{ end }}

helm/proxlb/templates/deployment.yaml

@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    {{- include "proxlb.labels" . | nindent 4 }}
+spec:
+  replicas: 1 # Number of replicas cannot be more than 1
+  selector:
+    matchLabels:
+      {{- include "proxlb.labels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "proxlb.labels" . | nindent 8 }}
+    spec:
+      {{- with .Values.image.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      # not interacting with the k8s cluster
+      automountServiceAccountToken: False
+      containers:
+      - name: proxlb
+        image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+        {{- if .Values.extraArgs.dryRun }}
+          - --dry-run
+        {{- end }}
+        volumeMounts:
+          - name: config
+            mountPath: /etc/proxlb/proxlb.yaml
+            subPath: proxlb.yaml
+        {{ if .Values.resources }}
+        resources:
+          {{ with .Values.resources }}
+            {{ toYaml . | nindent 10 }}
+          {{ end }}
+        {{ end }}
+      volumes:
+        - name: config
+          configMap:
+            name: proxlb-config