Commit 76b7a88

test
1 parent 63f9df7 commit 76b7a88

3 files changed

Lines changed: 125 additions & 0 deletions

infrastructure/controllers/kyverno/kustomization.yaml

Lines changed: 1 addition & 0 deletions
@@ -7,6 +7,7 @@ resources:
77
- policies/volsync-pvc-backup-restore.yaml
88
- policies/volsync-nfs-inject.yaml
99
- policies/volsync-orphan-cleanup.yaml
10+
- policies/vpa-auto-create.yaml
1011
helmCharts:
1112
- name: kyverno
1213
repo: https://kyverno.github.io/kyverno
Lines changed: 75 additions & 0 deletions
@@ -0,0 +1,75 @@
1+
---
2+
apiVersion: kyverno.io/v1
3+
kind: ClusterPolicy
4+
metadata:
5+
name: vpa-auto-create
6+
annotations:
7+
policies.kyverno.io/title: Auto-create VPA for Deployments and StatefulSets
8+
policies.kyverno.io/description: >-
9+
Automatically generates a VerticalPodAutoscaler in Off mode for every
10+
Deployment and StatefulSet. VPA recommendations can be read via
11+
kubectl get vpa -A to right-size resource requests.
12+
spec:
13+
mutateExistingOnPolicyUpdate: false
14+
background: true
15+
rules:
16+
- name: generate-vpa-for-deployment
17+
match:
18+
any:
19+
- resources:
20+
kinds:
21+
- Deployment
22+
operations:
23+
- CREATE
24+
- UPDATE
25+
exclude:
26+
any:
27+
- resources:
28+
namespaces:
29+
- kube-system
30+
- kyverno
31+
- vertical-pod-autoscaler
32+
generate:
33+
synchronize: true
34+
apiVersion: autoscaling.k8s.io/v1
35+
kind: VerticalPodAutoscaler
36+
name: "{{request.object.metadata.name}}"
37+
namespace: "{{request.object.metadata.namespace}}"
38+
data:
39+
spec:
40+
targetRef:
41+
apiVersion: apps/v1
42+
kind: Deployment
43+
name: "{{request.object.metadata.name}}"
44+
updatePolicy:
45+
updateMode: "Off"
46+
- name: generate-vpa-for-statefulset
47+
match:
48+
any:
49+
- resources:
50+
kinds:
51+
- StatefulSet
52+
operations:
53+
- CREATE
54+
- UPDATE
55+
exclude:
56+
any:
57+
- resources:
58+
namespaces:
59+
- kube-system
60+
- kyverno
61+
- vertical-pod-autoscaler
62+
generate:
63+
synchronize: true
64+
apiVersion: autoscaling.k8s.io/v1
65+
kind: VerticalPodAutoscaler
66+
name: "{{request.object.metadata.name}}"
67+
namespace: "{{request.object.metadata.namespace}}"
68+
data:
69+
spec:
70+
targetRef:
71+
apiVersion: apps/v1
72+
kind: StatefulSet
73+
name: "{{request.object.metadata.name}}"
74+
updatePolicy:
75+
updateMode: "Off"
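Review bot: Both rules name the generated object "{{request.object.metadata.name}}" (new-file lines 36 and 66), so a Deployment and a StatefulSet that share a name in one namespace resolve to the same VerticalPodAutoscaler, and with synchronize: true the two rules will keep overwriting each other's targetRef. Consider putting the workload kind into the generated name. Separately, line 13 sets mutateExistingOnPolicyUpdate, which applies to mutate rules only; because the match is limited to CREATE and UPDATE operations, workloads that already exist get no VPA until they are next updated, which falls short of the "every Deployment and StatefulSet" wording in the description. If existing workloads are meant to be covered, generateExisting is the generate-rule counterpart. Finally, none of the three files in this commit grants Kyverno's background controller access to verticalpodautoscalers in autoscaling.k8s.io, so confirm that this RBAC is provided elsewhere before relying on the policy.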
Lines changed: 49 additions & 0 deletions
@@ -0,0 +1,49 @@
1+
# Vertical Pod Autoscaler (VPA)
2+
3+
VPA monitors actual CPU/memory usage and recommends optimal resource requests for pods.
4+
5+
## How It Works
6+
7+
VPA is deployed in **Off mode** — it generates recommendations but does not apply them. A Kyverno ClusterPolicy (`vpa-auto-create`) automatically creates a VPA resource for every Deployment and StatefulSet in the cluster (excluding system namespaces).
8+
9+
When you're ready to let VPA auto-tune, change the `updateMode` to `InPlaceOrRecreate` (K8s 1.35 GA feature — resizes pods without restarting them).
10+
11+
## Reading Recommendations
12+
13+
```bash
14+
# Quick summary of all VPA recommendations
15+
kubectl get vpa -A -o custom-columns=\
16+
NAMESPACE:.metadata.namespace,\
17+
NAME:.metadata.name,\
18+
CPU:.status.recommendation.containerRecommendations[0].target.cpu,\
19+
MEM:.status.recommendation.containerRecommendations[0].target.memory
20+
21+
# Full detail for a specific app
22+
kubectl describe vpa <name> -n <namespace>
23+
```
24+
25+
Recommendations include four values per container:
26+
- **target** — what VPA thinks you should set
27+
- **lowerBound** — minimum safe value
28+
- **upperBound** — max it would recommend
29+
- **uncappedTarget** — ideal ignoring any min/max constraints
30+
31+
## Components
32+
33+
| Component | Purpose |
34+
|-----------|---------|
35+
| **Recommender** | Analyzes metrics, generates recommendations |
36+
| **Updater** | Applies changes when mode is not Off (evicts or in-place resizes) |
37+
| **Admission Controller** | Sets resources on new pods when mode is not Off |
38+
39+
## Dependencies
40+
41+
- **metrics-server** (`infrastructure/controllers/metrics-server/`) — provides the `metrics.k8s.io` API that VPA reads from
42+
- **Kyverno** — auto-generates VPA resources via `vpa-auto-create` ClusterPolicy
43+
44+
## Notes
45+
46+
- VPA only tracks CPU and memory — GPU (`nvidia.com/gpu`) and ephemeral-storage are not managed
47+
- Recommendations need a few hours of pod runtime to stabilize
48+
- Upper bounds will be very wide initially and tighten over days
49+
- GPU workloads will show low CPU/memory recommendations since compute happens on GPU VRAM
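Review bot: Line 9 says InPlaceOrRecreate "resizes pods without restarting them", but the mode name and the Updater row at line 36 ("evicts or in-place resizes") both indicate that recreation remains possible. State that pods can still be evicted when an in-place resize cannot be applied, so nobody switches the mode expecting zero restarts. Also, the summary command at lines 18-19 reads containerRecommendations[0] only, so for multi-container pods it reports just the first container; say so in the comment above the command, or point readers to kubectl describe for those workloads.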
