From 8d00ef9ad1c9df816efbd71075e8ba0edd0c5ccc Mon Sep 17 00:00:00 2001 From: Andrew Gershman Date: Wed, 3 Jan 2024 13:19:56 -0500 Subject: [PATCH] feat(vertical-pod-autoscaler): Support recommender only deployment Supports a mode of deployment where only the recommender is deployed and the updater and admission controller and not. This provides for a cleaner deployment as opposed to the current state where you can only scale these deployments down to 0. E.g. In the case that alerting has been setup, special casing isn't needed to account for a deployment that's meant to have replicas set at 0. Signed-off-by: Andrew Gershman --- .../templates/admission-controller/certificate.yaml | 2 ++ .../templates/admission-controller/deployment.yaml | 2 ++ .../templates/admission-controller/pdb.yaml | 2 ++ .../templates/admission-controller/service.yaml | 2 ++ .../admission-controller/serviceaccount.yaml | 2 ++ .../admission-controller/servicemonitor.yaml | 2 ++ .../templates/admission-controller/webhook.yaml | 2 ++ charts/vertical-pod-autoscaler/templates/rbac.yaml | 12 ++++++++++++ .../templates/updater/deployment.yaml | 2 ++ .../templates/updater/pdb.yaml | 2 ++ .../templates/updater/service.yaml | 2 ++ .../templates/updater/serviceaccount.yaml | 2 ++ .../templates/updater/servicemonitor.yaml | 2 ++ charts/vertical-pod-autoscaler/values.yaml | 3 +++ 14 files changed, 39 insertions(+) diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/certificate.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/certificate.yaml index 09c7c4ba..a130512f 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/certificate.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/certificate.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} {{- if .Values.admissionController.certManager.enabled -}} {{- if not .Values.admissionController.certManager.issuerName }} apiVersion: cert-manager.io/v1 @@ -28,3 +29,4 @@ spec: name: {{ include "vertical-pod-autoscaler.admissionController.webhookCertIssuerName" . }} secretName: {{ include "vertical-pod-autoscaler.admissionController.webhookCertSecret" . }} {{- end -}} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml index bbbc7145..03a62f84 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -109,3 +110,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml index 609162fa..75fb70f3 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} {{- if .Values.admissionController.podDisruptionBudget.enabled -}} apiVersion: {{ include "vertical-pod-autoscaler.pdb.apiVersion" . }} kind: PodDisruptionBudget @@ -17,3 +18,4 @@ spec: maxUnavailable: {{ .Values.admissionController.podDisruptionBudget.maxUnavailable }} {{- end }} {{- end -}} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml index dbad67da..0950aa37 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} apiVersion: v1 kind: Service metadata: @@ -20,3 +21,4 @@ spec: targetPort: http-metrics selector: {{- include "vertical-pod-autoscaler.admissionController.selectorLabels" . | nindent 4 }} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml index e84157b0..8472a4cc 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} {{- if .Values.admissionController.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount @@ -14,3 +15,4 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end -}} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml index 48c3dd58..d982f9e5 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} {{- if .Values.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor @@ -28,3 +29,4 @@ spec: {{- end }} {{- end }} {{- end -}} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/admission-controller/webhook.yaml b/charts/vertical-pod-autoscaler/templates/admission-controller/webhook.yaml index 691ffbec..cb3522c0 100644 --- a/charts/vertical-pod-autoscaler/templates/admission-controller/webhook.yaml +++ b/charts/vertical-pod-autoscaler/templates/admission-controller/webhook.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} {{- $tls := fromYaml (include "vertical-pod-autoscaler.admissionController.webhookCert" .) -}} {{- if not .Values.admissionController.certManager.enabled }} apiVersion: v1 @@ -46,3 +47,4 @@ webhooks: apiGroups: ["autoscaling.k8s.io"] apiVersions: ["*"] resources: ["verticalpodautoscalers"] +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/rbac.yaml b/charts/vertical-pod-autoscaler/templates/rbac.yaml index a8fc2bee..b233723f 100644 --- a/charts/vertical-pod-autoscaler/templates/rbac.yaml +++ b/charts/vertical-pod-autoscaler/templates/rbac.yaml @@ -173,6 +173,7 @@ rules: - get - list - watch +{{ if not .Values.recommenderOnly }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -227,6 +228,7 @@ rules: - get - list - watch +{{ end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -273,9 +275,11 @@ subjects: - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.recommender.serviceAccountName" . }} namespace: {{ .Release.Namespace }} + {{- if not .Values.recommenderOnly }} - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }} namespace: {{ .Release.Namespace }} + {{ end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -321,12 +325,15 @@ subjects: - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.recommender.serviceAccountName" . }} namespace: {{ .Release.Namespace }} + {{- if not .Values.recommenderOnly }} - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.admissionController.serviceAccountName" . }} namespace: {{ .Release.Namespace }} - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }} namespace: {{ .Release.Namespace }} + {{ end }} +{{ if not .Values.recommenderOnly }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -342,6 +349,8 @@ subjects: - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }} namespace: {{ .Release.Namespace }} +{{ end }} +{{ if not .Values.recommenderOnly }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -357,6 +366,8 @@ subjects: - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.admissionController.serviceAccountName" . }} namespace: {{ .Release.Namespace }} +{{ end }} +{{ if not .Values.recommenderOnly }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -372,4 +383,5 @@ subjects: - kind: ServiceAccount name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }} namespace: {{ .Release.Namespace }} +{{ end }} {{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/updater/deployment.yaml b/charts/vertical-pod-autoscaler/templates/updater/deployment.yaml index 1d4f11a3..1280a6ac 100644 --- a/charts/vertical-pod-autoscaler/templates/updater/deployment.yaml +++ b/charts/vertical-pod-autoscaler/templates/updater/deployment.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -93,3 +94,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/updater/pdb.yaml b/charts/vertical-pod-autoscaler/templates/updater/pdb.yaml index a43bb2f5..ceba80b6 100644 --- a/charts/vertical-pod-autoscaler/templates/updater/pdb.yaml +++ b/charts/vertical-pod-autoscaler/templates/updater/pdb.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} {{- if .Values.updater.podDisruptionBudget.enabled -}} apiVersion: {{ include "vertical-pod-autoscaler.pdb.apiVersion" . }} kind: PodDisruptionBudget @@ -17,3 +18,4 @@ spec: maxUnavailable: {{ .Values.updater.podDisruptionBudget.maxUnavailable }} {{- end }} {{- end -}} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/updater/service.yaml b/charts/vertical-pod-autoscaler/templates/updater/service.yaml index 52289ccc..018ab448 100644 --- a/charts/vertical-pod-autoscaler/templates/updater/service.yaml +++ b/charts/vertical-pod-autoscaler/templates/updater/service.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} {{- if .Values.serviceMonitor.enabled -}} apiVersion: v1 kind: Service @@ -19,3 +20,4 @@ spec: selector: {{- include "vertical-pod-autoscaler.updater.selectorLabels" . | nindent 4 }} {{- end -}} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml b/charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml index 5d5f10df..bb39cbd6 100644 --- a/charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml +++ b/charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} {{- if .Values.updater.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount @@ -14,3 +15,4 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end -}} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml b/charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml index c5a109bf..638041a1 100644 --- a/charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml +++ b/charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.recommenderOnly -}} {{- if .Values.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor @@ -28,3 +29,4 @@ spec: {{- end }} {{- end }} {{- end -}} +{{- end -}} diff --git a/charts/vertical-pod-autoscaler/values.yaml b/charts/vertical-pod-autoscaler/values.yaml index 1839e74c..e6999ad6 100644 --- a/charts/vertical-pod-autoscaler/values.yaml +++ b/charts/vertical-pod-autoscaler/values.yaml @@ -19,6 +19,9 @@ serviceMonitor: logLevel: 4 +# Only deploy the recommender +recommenderOnly: false + admissionController: image: repository: registry.k8s.io/autoscaling/vpa-admission-controller