在開始實作之前，讓我們稍微複習 VPA 是什麼：

Vertical Pod Autoscaler（簡稱 VPA ） 自動更新工作負載資源（例如 Deployment 或者 StatefulSet），目的是自動擴縮工作負載以滿足需求。VPA 的重點不是調整 Pod 的數量，而是調整 單一 Pod 的 CPU 和 記憶體 資源需求。

開始之前

叢集必需部署 Metrics Server 。因為 HPA 需要透過 kubelet 收集 Metrics Server。部署安裝的方式可以回頭去看之前的章節。

另外本章的實作還需要從 Github 專案下載腳本，請確保終端有安裝 git。

安裝 VPA

我們需要透過 git 下載 autoscaler 專案項目，並且進入專案資料夾 vertical-pod-autoscaler 運行安裝執行檔

git clone https://github.com/kubernetes/autoscaler.git
cd autoscaler/vertical-pod-autoscaler

• 執行安裝腳本

./hack/vpa-up.sh

• 觀察輸出內容

Updating files: 100% (10662/10662), done.
HEAD is now at fa03c5a89 Merge pull request #6841 from kwiesmueller/vpa-release-1.1
customresourcedefinition.apiextensions.k8s.io/verticalpodautoscalercheckpoints.autoscaling.k8s.io created
customresourcedefinition.apiextensions.k8s.io/verticalpodautoscalers.autoscaling.k8s.io created
clusterrole.rbac.authorization.k8s.io/system:metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:vpa-actor created
clusterrole.rbac.authorization.k8s.io/system:vpa-status-actor created
clusterrole.rbac.authorization.k8s.io/system:vpa-checkpoint-actor created
clusterrole.rbac.authorization.k8s.io/system:evictioner created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-actor created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-status-actor created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-checkpoint-actor created
clusterrole.rbac.authorization.k8s.io/system:vpa-target-reader created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-target-reader-binding created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-evictioner-binding created
serviceaccount/vpa-admission-controller created
serviceaccount/vpa-recommender created
serviceaccount/vpa-updater created
clusterrole.rbac.authorization.k8s.io/system:vpa-admission-controller created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-admission-controller created
clusterrole.rbac.authorization.k8s.io/system:vpa-status-reader created
clusterrolebinding.rbac.authorization.k8s.io/system:vpa-status-reader-binding created
deployment.apps/vpa-updater created
deployment.apps/vpa-recommender created
Generating certs for the VPA Admission Controller in /tmp/vpa-certs.
Certificate request self-signature ok
subject=CN = vpa-webhook.kube-system.svc
Uploading certs to the cluster.
secret/vpa-tls-certs created
Deleting /tmp/vpa-certs.
deployment.apps/vpa-admission-controller created
service/vpa-webhook created

可以注意到，裡面包含了三個組件: vpa-admission-controller, vpa-recommender, vpa-updater

• 驗證組件的 Pod 是否存在

kubectl get pods -n kube-system | grep vpa
---
vpa-admission-controller-74c66b9d49-fqt2r       1/1     Running   0             16m
vpa-recommender-6c4585968-r975w                 1/1     Running   0             16m
vpa-updater-7686fd5bf9-cj45x                    1/1     Running   0             16m

建立 Deployment

組態檔案: vpa-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: high-cpu-utilization-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cpu-utilization-app
  template:
    metadata:
      labels:
        app: cpu-utilization-app
    spec:
      containers:
      - name: cpu-utilization-container
        image: ubuntu
        command: ["/bin/sh", "-c", "apt-get update && apt-get install -y stress-ng && while true; do stress-ng --cpu 1; done"]
        resources:
          limits:
            cpu: "0.05"
          requests:
            cpu: "0.05"

此部署容器會使用 stress-ng 工具重複執行 CPU 壓力測試，消耗少量但持續的 CPU ，以模擬 CPU 的高使用率。

• 建立資源

kubectl apply -f `vpa-deployment.yaml`

驗證

• 檢查其中一個 Pod 的 CPU Limit/Request

kubectl describe pod high-cpu-utilization-deployment-5bdf744849-9628z

結果如下

Name:             high-cpu-utilization-deployment-5bdf744849-9628z
[...]
    Limits:
      cpu:  50m
    Requests:
      cpu:        50m
[...]

目前的 Limit/Request 是 50m，我們先記得這個數字。

• 打開一個新終端 t1 ，監控 Deployment 事件

kubectl get events --field-selector involvedObject.kind=Deployment,involvedObject.name=high-cpu-utilization-deployment --watch

建立 VPA

組態檔案: vpa.yaml

apiVersion: "autoscaling.k8s.io/v1"
kind: VerticalPodAutoscaler
metadata:
  name: stress-vpa
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: high-cpu-utilization-deployment
  updatePolicy:
    updateMode: Auto
  resourcePolicy:
    containerPolicies:
      - containerName: '*'
        minAllowed:
          cpu: 100m
          memory: 50Mi
        maxAllowed:
          cpu: 200m  #maximum vpa will be allocating this many cpus even if demand is higher.
          memory: 500Mi
        controlledResources: ["cpu", "memory"]

此 VPA 會自動調整「高 CPU 使用率部署」的 CPU 和記憶體請求與限制，以確保在指定的範圍 (100m 到 200m CPU 和 50Mi 到 500Mi 記憶體) 內有效使用資源。它針對部署中的所有容器進行資源管理。

• 建立 VPA

kubectl apply -f vpa.yaml

等待幾分鐘，好讓 VPA 反應。

• 回到終端 t1，查看結果

LAST SEEN   TYPE     REASON         OBJECT                                                 MESSAGE
[...]
12m         Normal   Scheduled      pod/high-cpu-utilization-deployment-5bdf744849-5b2wv   Successfully assigned default/high-cpu-utilization-deployment-5bdf744849-5b2wv to wslkind-worker
12m         Normal   Killing        pod/high-cpu-utilization-deployment-5bdf744849-9628z   Stopping container cpu-utilization-container
12m         Normal   EvictedByVPA   pod/high-cpu-utilization-deployment-5bdf744849-9628z   Pod was evicted by VPA Updater to apply resource recommendation.
12m         Normal   Pulling        pod/high-cpu-utilization-deployment-5bdf744849-5b2wv   Pulling image "ubuntu"
12m         Normal   Started        pod/high-cpu-utilization-deployment-5bdf744849-5b2wv   Started container cpu-utilization-container
12m         Normal   Created        pod/high-cpu-utilization-deployment-5bdf744849-5b2wv   Created container cpu-utilization-container
12m         Normal   Pulled         pod/high-cpu-utilization-deployment-5bdf744849-5b2wv   Successfully pulled image "ubuntu" in 1.673s (1.673s including waiting). Image size: 29709006 bytes.
11m         Normal   Killing        pod/high-cpu-utilization-deployment-5bdf744849-rm46j   Stopping container cpu-utilization-container
11m         Normal   EvictedByVPA   pod/high-cpu-utilization-deployment-5bdf744849-rm46j   Pod was evicted by VPA Updater to apply resource recommendation.
11m         Normal   Scheduled      pod/high-cpu-utilization-deployment-5bdf744849-m7tnr   Successfully assigned default/high-cpu-utilization-deployment-5bdf744849-m7tnr to wslkind-worker2
11m         Normal   Pulling        pod/high-cpu-utilization-deployment-5bdf744849-m7tnr   Pulling image "ubuntu"
11m         Normal   Created        pod/high-cpu-utilization-deployment-5bdf744849-m7tnr   Created container cpu-utilization-container
11m         Normal   Pulled         pod/high-cpu-utilization-deployment-5bdf744849-m7tnr   Successfully pulled image "ubuntu" in 1.837s (1.837s including waiting). Image size: 29709006 bytes.
11m         Normal   Started        pod/high-cpu-utilization-deployment-5bdf744849-m7tnr   Started container cpu-utilization-container

可以看到，VPA 驅逐 (EvictedByVPA) 了原有的 Pod，建立新的 Pod。

• 檢查其中一個 Pod 的 CPU Limit/Request

kubectl describe pod high-cpu-utilization-deployment-5bdf744849-m7tnr

結果如下

Name:             high-cpu-utilization-deployment-5bdf744849-m7tnr
[...]
    Limits:
      cpu:  100m
    Requests:
      cpu:        100m
      memory:     262144k
[...]

Pod 的 Limit/Request 已經被改變了。VPA 已經為增加的負載做出資源的調整。

清理

• 移除所有 VPA 資源後，在項目資料夾執行清理腳本

./hack/vpa-down.sh

參考

• ⎈ A Hands-On Guide to Kubernetes Horizontal & Vertical Pod Autoscalers 🛠️ | by Anvesh Muppeda | Jun, 2024 | Medium
• https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler