From 28e34f523448a17a997b0148edf54e1286047aa8 Mon Sep 17 00:00:00 2001 From: Andrew Gershman Date: Wed, 3 Jan 2024 13:19:56 -0500 Subject: [PATCH] feat(vertical-pod-autoscaler): Support recommender only deployment Supports a mode of deployment where only the recommender is deployed and the updater and admission controller and not. This provides for a cleaner deployment as opposed to the current state where you can only scale these deployments down to 0. E.g. In the case that alerting has been setup, special casing isn't needed to account for a deployment that's meant to have replicas set at 0. Signed-off-by: Andrew Gershman --- charts/vertical-pod-autoscaler/CHANGELOG.md | 6 ++++++ charts/vertical-pod-autoscaler/README.md | 3 ++- .../templates/admission-controller/certificate.yaml | 2 +- .../templates/admission-controller/deployment.yaml | 2 ++ .../templates/admission-controller/pdb.yaml | 2 +- .../templates/admission-controller/service.yaml | 2 ++ .../admission-controller/serviceaccount.yaml | 2 +- .../admission-controller/servicemonitor.yaml | 2 +- .../templates/admission-controller/webhook.yaml | 2 ++ charts/vertical-pod-autoscaler/templates/rbac.yaml | 12 ++++++++++++ .../templates/updater/deployment.yaml | 2 ++ .../templates/updater/pdb.yaml | 2 +- .../templates/updater/service.yaml | 2 +- .../templates/updater/serviceaccount.yaml | 2 +- .../templates/updater/servicemonitor.yaml | 2 +- charts/vertical-pod-autoscaler/values.yaml | 3 +++ 16 files changed, 39 insertions(+), 9 deletions(-) diff --git a/charts/vertical-pod-autoscaler/CHANGELOG.md b/charts/vertical-pod-autoscaler/CHANGELOG.md index 74e3b4b6..16a79efa 100644 --- a/charts/vertical-pod-autoscaler/CHANGELOG.md +++ b/charts/vertical-pod-autoscaler/CHANGELOG.md @@ -20,6 +20,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [UNRELEASED] +## [v1.5.0] - 2024-01-05 + +### Added + +- Added `recommenderOnly` to allow for deployment of only the _VPA Recommender_. + ## [v1.4.0] - 2023-10-31 ### Changed diff --git a/charts/vertical-pod-autoscaler/README.md b/charts/vertical-pod-autoscaler/README.md index 4f2c86f5..81b195de 100644 --- a/charts/vertical-pod-autoscaler/README.md +++ b/charts/vertical-pod-autoscaler/README.md @@ -69,7 +69,8 @@ The following table lists the configurable parameters of the _Vertical Pod Autos | `admissionController.webhook.name` | Name of the admission controller webhook. | `vpa-webhook-config` | | `admissionController.certManager.enabled` | If `true`, use _Cert Manager_ to create and manage the certificates for the webhook. | `false` | | `admissionController.certManager.issuerKind` | The type of issuer that `admissionController.certManager.issuerName` refers to. | `Issuer` | -| `admissionController.certManager.issuerName` | If set, the _Cert Manager_ certificate will be configued to use this issuer. | `null` | +| `admissionController.certManager.issuerName` | If set, the _Cert Manager_ certificate will be configured to use this issuer. | +| `recommenderOnly` | If `true`, only deploy the VPA recommender. This is useful if you're only wanting to use VPA for resource recommendations. | `false` | | `recommender.serviceAccount.create` | If `true`, create a new `ServiceAccount` for the recommender pod. | `true` | | `recommender.serviceAccount.labels` | Labels to add to the recommender `ServiceAccount`. | `{}` | | `recommender.serviceAccount.annotations` | Annotations to add to the recommender `ServiceAccount`. | `{}` | diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/certificate.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/certificate.yaml index 09c7c4ba..e31d0c12 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/certificate.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/certificate.yaml @@ -1,4 +1,4 @@ -{{- if .Values.admissionController.certManager.enabled -}} +{{- if and (not .Values.recommenderOnly) .Values.admissionController.certManager.enabled -}} {{- if not .Values.admissionController.certManager.issuerName }} apiVersion: cert-manager.io/v1 kind: Issuer diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml index bbbc7145..03a62f84 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -109,3 +110,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml index 609162fa..9ad5b9d0 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml @@ -1,4 +1,4 @@ -{{- if .Values.admissionController.podDisruptionBudget.enabled -}} +{{- if and (not .Values.recommenderOnly) .Values.admissionController.podDisruptionBudget.enabled -}} apiVersion: {{ include "vertical-pod-autoscaler.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml index dbad67da..0950aa37 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} apiVersion: v1 kind: Service metadata: @@ -20,3 +21,4 @@ spec: targetPort: http-metrics selector: {{- include "vertical-pod-autoscaler.admissionController.selectorLabels" . | nindent 4 }} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml index e84157b0..7324d746 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if .Values.admissionController.serviceAccount.create -}} +{{- if and (not .Values.recommenderOnly) .Values.admissionController.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml index 48c3dd58..aa2b7b74 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.serviceMonitor.enabled -}} +{{- if and (not .Values.recommenderOnly) .Values.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/webhook.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/webhook.yaml index 691ffbec..cb3522c0 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/webhook.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/webhook.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} {{- $tls := fromYaml (include "vertical-pod-autoscaler.admissionController.webhookCert" .) -}} {{- if not .Values.admissionController.certManager.enabled }} apiVersion: v1 @@ -46,3 +47,4 @@ webhooks: apiGroups: ["autoscaling.k8s.io"] apiVersions: ["*"] resources: ["verticalpodautoscalers"] +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/rbac.yaml b/charts/vertical-pod-autoscaler/templates/rbac.yaml index a8fc2bee..b233723f 100644 --- a/charts/vertical-pod-autoscaler/templates/rbac.yaml +++ b/charts/vertical-pod-autoscaler/templates/rbac.yaml @@ -173,6 +173,7 @@ rules: - get - list - watch +{{ if not .Values.recommenderOnly }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -227,6 +228,7 @@ rules: - get - list - watch +{{ end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -273,9 +275,11 @@ subjects: - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.recommender.serviceAccountName" . }} namespace: {{ .Release.Namespace }} + {{- if not .Values.recommenderOnly }} - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }} namespace: {{ .Release.Namespace }} + {{ end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -321,12 +325,15 @@ subjects: - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.recommender.serviceAccountName" . }} namespace: {{ .Release.Namespace }} + {{- if not .Values.recommenderOnly }} - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.admissionController.serviceAccountName" . }} namespace: {{ .Release.Namespace }} - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }} namespace: {{ .Release.Namespace }} + {{ end }} +{{ if not .Values.recommenderOnly }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -342,6 +349,8 @@ subjects: - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }} namespace: {{ .Release.Namespace }} +{{ end }} +{{ if not .Values.recommenderOnly }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -357,6 +366,8 @@ subjects: - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.admissionController.serviceAccountName" . }} namespace: {{ .Release.Namespace }} +{{ end }} +{{ if not .Values.recommenderOnly }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -372,4 +383,5 @@ subjects: - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }} namespace: {{ .Release.Namespace }} +{{ end }} {{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/updater/deployment.yaml b/charts/vertical-pod-autoscaler/templates/updater/deployment.yaml index 1d4f11a3..1280a6ac 100644 --- a/charts/vertical-pod-autoscaler/templates/updater/deployment.yaml +++ b/charts/vertical-pod-autoscaler/templates/updater/deployment.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -93,3 +94,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/updater/pdb.yaml b/charts/vertical-pod-autoscaler/templates/updater/pdb.yaml index a43bb2f5..93be3fdd 100644 --- a/charts/vertical-pod-autoscaler/templates/updater/pdb.yaml +++ b/charts/vertical-pod-autoscaler/templates/updater/pdb.yaml @@ -1,4 +1,4 @@ -{{- if .Values.updater.podDisruptionBudget.enabled -}} +{{- if and (not .Values.recommenderOnly) .Values.updater.podDisruptionBudget.enabled -}} apiVersion: {{ include "vertical-pod-autoscaler.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: diff --git a/charts/vertical-pod-autoscaler/templates/updater/service.yaml b/charts/vertical-pod-autoscaler/templates/updater/service.yaml index 52289ccc..5ec0366a 100644 --- a/charts/vertical-pod-autoscaler/templates/updater/service.yaml +++ b/charts/vertical-pod-autoscaler/templates/updater/service.yaml @@ -1,4 +1,4 @@ -{{- if .Values.serviceMonitor.enabled -}} +{{- if and (not .Values.recommenderOnly) .Values.serviceMonitor.enabled -}} apiVersion: v1 kind: Service metadata: diff --git a/charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml b/charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml index 5d5f10df..d0bbde7a 100644 --- a/charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml +++ b/charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if .Values.updater.serviceAccount.create -}} +{{- if and (not .Values.recommenderOnly) .Values.updater.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml b/charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml index c5a109bf..f8e208d9 100644 --- a/charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml +++ b/charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.serviceMonitor.enabled -}} +{{- if and (not .Values.recommenderOnly) .Values.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/vertical-pod-autoscaler/values.yaml b/charts/vertical-pod-autoscaler/values.yaml index 1839e74c..e6999ad6 100644 --- a/charts/vertical-pod-autoscaler/values.yaml +++ b/charts/vertical-pod-autoscaler/values.yaml @@ -19,6 +19,9 @@ serviceMonitor: logLevel: 4 +# Only deploy the recommender +recommenderOnly: false + admissionController: image: repository: registry.k8s.io/autoscaling/vpa-admission-controller