|**Goldilocks**| Auto-creates VPA resources for all workloads AND provides web dashboard to visualize recommendations |`infrastructure/controllers/goldilocks/`|
66
-
67
-
### How They Fit Together
59
+
## Architecture
68
60
69
61
```
70
62
kubelet /metrics/resource
71
-
|
72
-
v
63
+
│
64
+
▼
73
65
metrics-server (provides metrics.k8s.io API)
74
-
|
75
-
v
76
-
VPA Recommender (reads metrics, writes recommendations to VPA status)
77
-
^
78
-
|
79
-
Goldilocks Controller (on-by-default: true, auto-creates VPA for all workloads)
80
-
|
81
-
v
82
-
VPA resources (one per workload, updateMode: "Off")
**Key point**: Goldilocks with `on-by-default: "true"` auto-creates VPA resources for all Deployments, StatefulSets, and DaemonSets cluster-wide. No Kyverno policy or manual VPA resources needed.
84
+
**Goldilocks is the sole VPA creator.** With `on-by-default: "true"`, it auto-creates VPA resources for all workloads cluster-wide. No manual VPA manifests needed.
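Review bot: The added sentence "No manual VPA manifests needed" (new line 84) is contradicted later in this diff, where the new "How to Enable" section tells the reader to create a manual VPA that overrides the Goldilocks-managed one. Suggest scoping the claim to recommendation-only use, for example "No manual VPA manifests needed while workloads stay on `updateMode: "Off"`". The replacement also drops the explicit list "Deployments, StatefulSets, and DaemonSets" that the removed "Key point" line carried; keeping it tells readers which workload kinds "all workloads" actually covers.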
# Current resource usage vs requests (side-by-side comparison)
193
+
kubectl top pods -n <namespace>
194
+
kubectl get deploy <name> -n <ns> -o jsonpath='{.spec.template.spec.containers[0].resources}'
195
+
kubectl get vpa <name> -n <ns> -o jsonpath='{.status.recommendation.containerRecommendations[0].target}'
127
196
```
128
197
129
-
### Understanding the Four Values
198
+
---
199
+
200
+
## Reading Recommendations
201
+
202
+
### The Four VPA Values
130
203
131
204
VPA recommendations include four values per container:
132
205
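Review bot: Both added jsonpath queries (new lines 194 and 195) hard-code index 0, `containers[0]` and `containerRecommendations[0]`, so for a workload with more than one container the "side-by-side comparison" reads only the first entry of each list, and nothing here guarantees the two lists are in the same order. Suggest filtering by container name in both queries, or stating that the commands assume a single-container workload. The placeholders are also inconsistent: `-n <namespace>` on the first command and `-n <ns>` on the other two.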
@@ -144,8 +217,6 @@ VPA recommendations include four values per container:
144
217
-`1073741824` = 1Gi
145
218
-`1610612736` = 1.5Gi
146
219
147
-
## When to Change Resources
148
-
149
220
### Decision Matrix
150
221
151
222
| Situation | Action | Priority |
@@ -163,9 +234,13 @@ VPA recommendations include four values per container:
163
234
-**Re-check after major changes** (new features, traffic spikes, version upgrades). VPA is backward-looking.
164
235
-**Upper bounds stabilize over ~14 days**. They'll be very wide initially.
165
236
166
-
### How to Apply Changes
237
+
---
238
+
239
+
## Applying Changes (GitOps Workflow)
167
240
168
-
1. Read the VPA recommendation (Goldilocks dashboard or kubectl)
241
+
### Step-by-Step
242
+
243
+
1. Read the VPA recommendation (Goldilocks dashboard or `./scripts/vpa-report.sh`)
169
244
2. Update the app's `values.yaml` with new resource requests
170
245
3. Add a comment documenting the VPA data and reasoning:
171
246
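Review bot: Step 1 (new line 243) replaces `kubectl` with `./scripts/vpa-report.sh`, but the script is not added anywhere in the visible diff and the relative path has no stated working directory. Suggest confirming the script is committed, saying it is run from the repository root, and keeping the kubectl route as a fallback, for example "Goldilocks dashboard, `./scripts/vpa-report.sh`, or kubectl", since the kubectl commands are still documented earlier in this file.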
@@ -193,6 +268,8 @@ resources:
193
268
| `limits.cpu` | 2-4x request (allows burst). Or omit entirely to let pods burst freely. |
194
269
| `limits.memory` | 2-4x request (or match VPA `upperBound` if spikes are expected) |
195
270
271
+
---
272
+
196
273
## Common Workload Patterns
197
274
198
275
### CPU-Bound (Helm rendering, image processing)
@@ -222,6 +299,8 @@ Example: argocd-server
222
299
### GPU Workloads
223
300
VPA only tracks CPU/memory, not GPU. Recommendations will show low CPU/memory because compute happens on GPU VRAM. Set CPU/memory based on data loading needs, not inference.
See `infrastructure/controllers/argocd/values.yaml` for the actual implementation with inline VPA documentation.
259
338
260
-
## Excluded Namespaces
261
-
262
-
Goldilocks can be configured to exclude namespaces via the `goldilocks.fairwinds.com/enabled=false` label. By default with `on-by-default: "true"`, all namespaces are included.
339
+
---
263
340
264
-
## K8s 1.35: In-Place Pod Resize (Future)
341
+
## In-Place Pod Resize (K8s 1.35)
265
342
266
343
This cluster runs K8s v1.35.1 where In-Place Pod Resize is GA. VPA supports `updateMode: "InPlaceOrRecreate"` which resizes pods **without restarting them** when possible.
267
344
268
-
Currently we use `updateMode: "Off"` (manual review). When confident in VPA accuracy after 2-4 weeks of observation, you can switch individual workloads to `InPlaceOrRecreate`:
345
+
Currently we use `updateMode: "Off"` (manual review via Goldilocks). When confident in VPA accuracy after 2-4 weeks of observation, you can enable auto-tuning per workload.
346
+
347
+
### How to Enable
348
+
349
+
Goldilocks creates VPAs with `updateMode: "Off"`. To enable in-place resize for a specific workload, create a manual VPA that overrides the Goldilocks-managed one:
269
350
270
351
```yaml
271
352
apiVersion: autoscaling.k8s.io/v1
272
353
kind: VerticalPodAutoscaler
354
+
metadata:
355
+
name: my-app # Must match Goldilocks VPA name
356
+
namespace: my-app
357
+
labels:
358
+
goldilocks.fairwinds.com/enabled: "false" # Prevent Goldilocks from overwriting
273
359
spec:
360
+
targetRef:
361
+
apiVersion: apps/v1
362
+
kind: Deployment
363
+
name: my-app
274
364
updatePolicy:
275
365
updateMode: "InPlaceOrRecreate" # Live resize when possible
276
366
```
277
367
278
368
**Start with non-critical workloads** (dev tools, media apps) before enabling on infrastructure.
279
369
370
+
### How It Works
371
+
372
+
1. VPA Updater watches pods with `InPlaceOrRecreate` mode
373
+
2. If recommendation differs significantly from current resources, it patches the pod spec
374
+
3. Kernel applies new CPU/memory limits **without restarting** the container (when supported)
375
+
4. If in-place resize fails, pod is evicted and recreated with new resources
376
+
377
+
---
378
+
280
379
## Troubleshooting
281
380
282
381
### No recommendations showing
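Review bot: In the added manifest (new lines 354-358), `goldilocks.fairwinds.com/enabled: "false"` is set on the VPA object with the comment "Prevent Goldilocks from overwriting", while the "Excluded Namespaces" section removed in this same region documents that label only as a way to exclude namespaces. Nothing in the diff shows the label is honoured on a VPA resource, and `name: my-app # Must match Goldilocks VPA name` does not say how to find the name Goldilocks actually uses. Suggest documenting the supported opt-out for a single workload, adding the kubectl command to list the existing VPA in the namespace, and describing how to confirm afterwards that only one VPA targets the Deployment and that its `updateMode` stays as set. Dropping the Excluded Namespaces section also removes the only documented namespace opt-out at the point where the page starts recommending `InPlaceOrRecreate`, which per the new step 4 falls back to evicting the pod; consider keeping that section.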
@@ -287,7 +386,8 @@ spec:
287
386
### Goldilocks dashboard is empty
288
387
- Check if Goldilocks controller is running: `kubectl get pods -n goldilocks`
289
388
- Goldilocks is set to `on-by-default: "true"` — all namespaces should appear
290
-
- VPA resources are created by Goldilocks automatically for all workloads
infrastructure/controllers/vertical-pod-autoscaler/README.md (1 addition, 1 deletion)
@@ -4,7 +4,7 @@ VPA monitors actual CPU/memory usage and recommends optimal resource requests fo
4
4
5
5
## How It Works
6
6
7
-
VPA is deployed in **Off mode** — it generates recommendations but does not apply them. A Kyverno ClusterPolicy (`vpa-auto-create`) automatically creates a VPA resource for every Deploymentand StatefulSet in the cluster (excluding system namespaces).
7
+
VPA is deployed in **Off mode** — it generates recommendations but does not apply them. Goldilocks (`infrastructure/controllers/goldilocks/`) with `on-by-default: "true"` automatically creates a VPA resource for every Deployment, StatefulSet, and DaemonSet in the cluster.
8
8
9
9
When you're ready to let VPA auto-tune, change the `updateMode` to `InPlaceOrRecreate` (K8s 1.35 GA feature — resizes pods without restarting them).
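Review bot: The replacement for line 7 drops "(excluding system namespaces)", so the README now states that a VPA is created for every Deployment, StatefulSet, and DaemonSet in the cluster with no exclusions mentioned. Suggest saying explicitly whether system namespaces are now covered and how to exclude one. The unchanged line 9 also still says to "change the `updateMode` to `InPlaceOrRecreate`" without saying on which object; with Goldilocks creating the VPAs, it should point to the per-workload override procedure in the other README rather than imply editing a Goldilocks-managed VPA.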