feat(vertical-pod-autoscaler): Support recommender only deployment (#853

)

Supports a mode of deployment where only the recommender is deployed and
the updater and admission controller and not. This provides for a
cleaner deployment as opposed to the current state where you can only
scale these deployments down to 0. E.g. In the case that alerting has been
setup, special casing isn't needed to account for a deployment that's
meant to have replicas set at 0.

Signed-off-by: Andrew Gershman <[email protected]>

charts/vertical-pod-autoscaler/CHANGELOG.md

@@ -20,6 +20,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [UNRELEASED]
 
+### Added
+
+- Added `recommenderOnly` to allow for deployment of only the [VPA Recommender](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/pkg/recommender/README.md).
+
 ## [v1.4.0] - 2023-10-31
 
 ### Changed

charts/vertical-pod-autoscaler/README.md

@@ -69,7 +69,8 @@ The following table lists the configurable parameters of the _Vertical Pod Autos
 | `admissionController.webhook.name`                       | Name of the admission controller webhook.                                                                                                                                                        | `vpa-webhook-config`                     |
 | `admissionController.certManager.enabled`                | If `true`, use _Cert Manager_ to create and manage the certificates for the webhook.                                                                                                             | `false`                                  |
 | `admissionController.certManager.issuerKind`             | The type of issuer that `admissionController.certManager.issuerName` refers to.                                                                                                                  | `Issuer`                                 |
-| `admissionController.certManager.issuerName`             | If set, the _Cert Manager_ certificate will be configued to use this issuer.                                                                                                                     | `null`                                   |
+| `admissionController.certManager.issuerName`             | If set, the _Cert Manager_ certificate will be configured to use this issuer.                                                                                                                    |
+| `recommenderOnly`                                        | If `true`, only deploy the VPA recommender. This is useful if you're only wanting to use VPA for resource recommendations.                                                                       | `false`                                  |
 | `recommender.serviceAccount.create`                      | If `true`, create a new `ServiceAccount` for the recommender pod.                                                                                                                                | `true`                                   |
 | `recommender.serviceAccount.labels`                      | Labels to add to the recommender `ServiceAccount`.                                                                                                                                               | `{}`                                     |
 | `recommender.serviceAccount.annotations`                 | Annotations to add to the recommender `ServiceAccount`.                                                                                                                                          | `{}`                                     |

charts/vertical-pod-autoscaler/templates/admission-controller/certificate.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.admissionController.certManager.enabled -}}
+{{- if and (not .Values.recommenderOnly) .Values.admissionController.certManager.enabled -}}
 {{- if not .Values.admissionController.certManager.issuerName }}
 apiVersion: cert-manager.io/v1
 kind: Issuer

charts/vertical-pod-autoscaler/templates/admission-controller/deployment.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.recommenderOnly -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -109,3 +110,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+{{- end -}}

charts/vertical-pod-autoscaler/templates/admission-controller/pdb.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.admissionController.podDisruptionBudget.enabled -}}
+{{- if and (not .Values.recommenderOnly) .Values.admissionController.podDisruptionBudget.enabled -}}
 apiVersion: {{ include "vertical-pod-autoscaler.pdb.apiVersion" . }}
 kind: PodDisruptionBudget
 metadata:

charts/vertical-pod-autoscaler/templates/admission-controller/service.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.recommenderOnly -}}
 apiVersion: v1
 kind: Service
 metadata:
@@ -20,3 +21,4 @@ spec:
       targetPort: http-metrics
   selector:
     {{- include "vertical-pod-autoscaler.admissionController.selectorLabels" . | nindent 4 }}
+{{- end -}}

charts/vertical-pod-autoscaler/templates/admission-controller/serviceaccount.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.admissionController.serviceAccount.create -}}
+{{- if and (not .Values.recommenderOnly) .Values.admissionController.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

charts/vertical-pod-autoscaler/templates/admission-controller/servicemonitor.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.serviceMonitor.enabled -}}
+{{- if and (not .Values.recommenderOnly) .Values.serviceMonitor.enabled -}}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:

charts/vertical-pod-autoscaler/templates/admission-controller/webhook.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.recommenderOnly -}}
 {{- $tls := fromYaml (include "vertical-pod-autoscaler.admissionController.webhookCert" .) -}}
 {{- if not .Values.admissionController.certManager.enabled }}
 apiVersion: v1
@@ -46,3 +47,4 @@ webhooks:
         apiGroups: ["autoscaling.k8s.io"]
         apiVersions: ["*"]
         resources: ["verticalpodautoscalers"]
+{{- end -}}

charts/vertical-pod-autoscaler/templates/rbac.yaml

@@ -173,6 +173,7 @@ rules:
       - get
       - list
       - watch
+{{ if not .Values.recommenderOnly }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -227,6 +228,7 @@ rules:
       - get
       - list
       - watch
+{{ end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -273,9 +275,11 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "vertical-pod-autoscaler.recommender.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
+  {{- if not .Values.recommenderOnly }}
   - kind: ServiceAccount
     name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
+  {{ end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -321,12 +325,15 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "vertical-pod-autoscaler.recommender.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
+  {{- if not .Values.recommenderOnly }}
   - kind: ServiceAccount
     name: {{ include "vertical-pod-autoscaler.admissionController.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
   - kind: ServiceAccount
     name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
+  {{ end }}
+{{ if not .Values.recommenderOnly }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -342,6 +349,8 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ if not .Values.recommenderOnly }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -357,6 +366,8 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "vertical-pod-autoscaler.admissionController.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ if not .Values.recommenderOnly }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -372,4 +383,5 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "vertical-pod-autoscaler.updater.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
+{{ end }}
 {{- end -}}

charts/vertical-pod-autoscaler/templates/updater/deployment.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.recommenderOnly -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -93,3 +94,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+{{- end -}}

charts/vertical-pod-autoscaler/templates/updater/pdb.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.updater.podDisruptionBudget.enabled -}}
+{{- if and (not .Values.recommenderOnly) .Values.updater.podDisruptionBudget.enabled -}}
 apiVersion: {{ include "vertical-pod-autoscaler.pdb.apiVersion" . }}
 kind: PodDisruptionBudget
 metadata:

charts/vertical-pod-autoscaler/templates/updater/service.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.serviceMonitor.enabled -}}
+{{- if and (not .Values.recommenderOnly) .Values.serviceMonitor.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:

charts/vertical-pod-autoscaler/templates/updater/serviceaccount.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.updater.serviceAccount.create -}}
+{{- if and (not .Values.recommenderOnly) .Values.updater.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

charts/vertical-pod-autoscaler/templates/updater/servicemonitor.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.serviceMonitor.enabled -}}
+{{- if and (not .Values.recommenderOnly) .Values.serviceMonitor.enabled -}}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:

charts/vertical-pod-autoscaler/values.yaml

@@ -19,6 +19,9 @@ serviceMonitor:
 
 logLevel: 4
 
+# Only deploy the recommender
+recommenderOnly: false
+
 admissionController:
   image:
     repository: registry.k8s.io/autoscaling/vpa-admission-controller