feat: allow deploying additional VPA recommenders

dev/config/gitops-config.yaml

@@ -7,6 +7,18 @@ rhacsOperators:
       image: "quay.io/rhacs-eng/stackrox-operator:4.4.2"
       centralLabelSelector: "rhacs.redhat.com/version-selector=4.4.2"
       securedClusterReconcilerEnabled: false
+verticalPodAutoscaling:
+  recommenders:
+    - image: registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:d812f6374fe7f01d7299d0502ead4da86c69a0c38549af66b34d01a367bc1169
+      name: vpa-1
+      imagePullSecrets: [{ name: redhat-pull-secret }]
+      recommendationMarginFraction: 0.30
+      podRecommendationMinCpuMillicores: 10
+    - image: registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:d812f6374fe7f01d7299d0502ead4da86c69a0c38549af66b34d01a367bc1169
+      name: vpa-2
+      imagePullSecrets: [{ name: redhat-pull-secret }]
+      recommendationMarginFraction: 0.30
+      podRecommendationMinCpuMillicores: 20
 tenantResources:
   default: |
     labels:
@@ -22,6 +34,18 @@ tenantResources:
     verticalPodAutoscalers:
       central:
         enabled: true
+        updatePolicy:
+          updateMode: "Auto"
+          minReplicas: 1
+        resourcePolicy:
+          containerPolicies:
+            - containerName: "*"
+              minAllowed:
+                cpu: "100m"
+                memory: "50Mi"
+              maxAllowed:
+                cpu: "1"
+                memory: "2Gi"
 centrals:
   overrides:
     - instanceIds:

fleetshard/pkg/central/charts/charts_test.go

@@ -9,7 +9,6 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	ctrlClient "sigs.k8s.io/controller-runtime/pkg/client"
 
-	"helm.sh/helm/v3/pkg/chart/loader"
 	"helm.sh/helm/v3/pkg/chartutil"
 
 	"github.com/stretchr/testify/assert"
@@ -41,10 +40,7 @@ func TestTenantResourcesChart(t *testing.T) {
 }
 
 func TestInstallOrUpdateChartCreateNew(t *testing.T) {
-	chartFiles, err := TraverseChart(testdata, "testdata/test-chart")
-	require.NoError(t, err)
-	chart, err := loader.LoadFiles(chartFiles)
-	require.NoError(t, err)
+	chart := mustGetChart(t, "test-chart")
 	fakeClient := testutils.NewFakeClientBuilder(t).Build()
 	ctx := context.Background()
 
@@ -70,10 +66,7 @@ func TestInstallOrUpdateChartCreateNew(t *testing.T) {
 }
 
 func TestInstallOrUpdateChartUpdateExisting(t *testing.T) {
-	chartFiles, err := TraverseChart(testdata, "testdata/test-chart")
-	require.NoError(t, err)
-	chart, err := loader.LoadFiles(chartFiles)
-	require.NoError(t, err)
+	chart := mustGetChart(t, "test-chart")
 	fakeClient := testutils.NewFakeClientBuilder(t, dummyDeployment).Build()
 	ctx := context.Background()
 

fleetshard/pkg/central/charts/data/rhacs-vertical-pod-autoscaling/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: rhacs-vertical-pod-autoscaling
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.0
+appVersion: "0.0.0"

fleetshard/pkg/central/charts/data/rhacs-vertical-pod-autoscaling/templates/recommender-deployment.yaml

@@ -0,0 +1,181 @@
+{{- range .Values.recommenders }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: "rhacs-vpa-recommender"
+    app.kubernetes.io/instance: {{ $.Release.Name | quote }}
+    app.kubernetes.io/version: {{ $.Chart.AppVersion | quote }}
+    app.kubernetes.io/managed-by: {{ $.Release.Service | quote }}
+    helm.sh/chart: "{{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_"}}"
+    meta.helm.sh/release-name: {{ $.Release.Name | quote }}
+    meta.helm.sh/release-namespace: {{ $.Release.Namespace | quote }}
+  name: {{ .name | quote }}
+  namespace: {{ $.Release.Namespace | quote }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: vpa-recommender
+      vertical-pod-autoscaler: {{ .name | quote }}
+  template:
+    metadata:
+      labels:
+        app: vpa-recommender
+        vertical-pod-autoscaler: {{ .name | quote }}
+    spec:
+      nodeSelector:
+        beta.kubernetes.io/os: linux
+        node-role.kubernetes.io/control-plane: ''
+      serviceAccountName: rhacs-vpa-recommender
+      terminationGracePeriodSeconds: 30
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - key: node-role.kubernetes.io/master
+          operator: Exists
+          effect: NoSchedule
+      priorityClassName: system-cluster-critical
+      {{ if .imagePullSecrets }}
+      imagePullSecrets: {{ toYaml .imagePullSecrets | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: recommender
+          image: {{ .image | quote }}
+          imagePullPolicy: Always
+          securityContext:
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            runAsUser: 1001080000
+            seccompProfile:
+              type: RuntimeDefault
+            capabilities:
+              drop: [ALL]
+          {{ if .resources }}
+          resources: {{ toYaml .resources | nindent 12 }}
+          {{- end }}
+          command:
+            - recommender
+          args:
+            - --recommender-name={{ .name }}
+            - --logtostderr
+            - --v=1
+            {{- if .recommendationMarginFraction }}
+            - --recommendation-margin-fraction={{ .recommendationMarginFraction }}
+            {{- end }}
+            {{- if .podRecommendationMinCpuMillicores }}
+            - --pod-recommendation-min-cpu-millicores={{ .podRecommendationMinCpuMillicores }}
+            {{- end }}
+            {{- if .podRecommendationMinMemoryMb }}
+            - --pod-recommendation-min-memory-mb={{ .podRecommendationMinMemoryMb }}
+            {{- end }}
+            {{- if .targetCpuPercentile }}
+            - --target-cpu-percentile={{ .targetCpuPercentile }}
+            {{- end }}
+            {{- if .recommendationLowerBoundCpuPercentile }}
+            - --recommendation-lower-bound-cpu-percentile={{ .recommendationLowerBoundCpuPercentile }}
+            {{- end }}
+            {{- if .recommendationUpperBoundCpuPercentile }}
+            - --recommendation-upper-bound-cpu-percentile={{ .recommendationUpperBoundCpuPercentile }}
+            {{- end }}
+            {{- if .targetMemoryPercentile }}
+            - --target-memory-percentile={{ .targetMemoryPercentile }}
+            {{- end }}
+            {{- if .recommendationLowerBoundMemoryPercentile }}
+            - --recommendation-lower-bound-memory-percentile={{ .recommendationLowerBoundMemoryPercentile }}
+            {{- end }}
+            {{- if .recommendationUpperBoundMemoryPercentile }}
+            - --recommendation-upper-bound-memory-percentile={{ .recommendationUpperBoundMemoryPercentile }}
+            {{- end }}
+            {{- if .checkpointsTimeout }}
+            - --checkpoints-timeout={{ .checkpointsTimeout }}
+            {{- end }}
+            {{- if .minCheckpoints }}
+            - --min-checkpoints={{ .minCheckpoints }}
+            {{- end }}
+            {{- if .memorySaver }}
+            - --memory-saver
+            {{- end }}
+            {{- if .recommenderInterval }}
+            - --recommender-interval={{ .recommenderInterval }}
+            {{- end }}
+            {{- if .checkpointsGcInterval }}
+            - --checkpoints-gc-interval={{ .checkpointsGcInterval }}
+            {{- end }}
+            {{- if .prometheusAddress }}
+            - --prometheus-address={{ .prometheusAddress }}
+            {{- end }}
+            {{- if .prometheusCadvisorJobName }}
+            - --prometheus-cadvisor-job-name={{ .prometheusCadvisorJobName }}
+            {{- end }}
+            {{- if .address }}
+            - --address={{ .address }}
+            {{- end }}
+            {{- if .kubeconfig }}
+            - --kubeconfig={{ .kubeconfig }}
+            {{- end }}
+            {{- if .kubeApiQps }}
+            - --kube-api-qps={{ .kubeApiQps }}
+            {{- end }}
+            {{- if .kubeApiBurst }}
+            - --kube-api-burst={{ .kubeApiBurst }}
+            {{- end }}
+            {{- if .storage }}
+            - --storage={{ .storage }}
+            {{- end }}
+            {{- if .historyLength }}
+            - --history-length={{ .historyLength }}
+            {{- end }}
+            {{- if .historyResolution }}
+            - --history-resolution={{ .historyResolution }}
+            {{- end }}
+            {{- if .prometheusQueryTimeout }}
+            - --prometheus-query-timeout={{ .prometheusQueryTimeout }}
+            {{- end }}
+            {{- if .podLabelPrefix }}
+            - --pod-label-prefix={{ .podLabelPrefix }}
+            {{- end }}
+            {{- if .metricForPodLabels }}
+            - --metric-for-pod-labels={{ .metricForPodLabels }}
+            {{- end }}
+            {{- if .podNamespaceLabel }}
+            - --pod-namespace-label={{ .podNamespaceLabel }}
+            {{- end }}
+            {{- if .podNameLabel }}
+            - --pod-name-label={{ .podNameLabel }}
+            {{- end }}
+            {{- if .containerNamespaceLabel }}
+            - --container-namespace-label={{ .containerNamespaceLabel }}
+            {{- end }}
+            {{- if .containerPodNameLabel }}
+            - --container-pod-name-label={{ .containerPodNameLabel }}
+            {{- end }}
+            {{- if .containerNameLabel }}
+            - --container-name-label={{ .containerNameLabel }}
+            {{- end }}
+            {{- if .vpaObjectNamespace }}
+            - --vpa-object-namespace={{ .vpaObjectNamespace }}
+            {{- end }}
+            {{- if .memoryAggregationInterval }}
+            - --memory-aggregation-interval={{ .memoryAggregationInterval }}
+            {{- end }}
+            {{- if .memoryAggregationIntervalCount }}
+            - --memory-aggregation-interval-count={{ .memoryAggregationIntervalCount }}
+            {{- end }}
+            {{- if .memoryHistogramDecayHalfLife }}
+            - --memory-histogram-decay-half-life={{ .memoryHistogramDecayHalfLife }}
+            {{- end }}
+            {{- if .cpuHistogramDecayHalfLife }}
+            - --cpu-histogram-decay-half-life={{ .cpuHistogramDecayHalfLife }}
+            {{- end }}
+            {{- if .cpuIntegerPostProcessorEnabled }}
+            - --cpu-integer-post-processor-enabled={{ .cpuIntegerPostProcessorEnabled }}
+            {{- end }}
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+---
+{{- end }}

fleetshard/pkg/central/charts/data/rhacs-vertical-pod-autoscaling/templates/recommender-rbac.yaml

@@ -0,0 +1,87 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rhacs-vpa-recommender
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: "rhacs-vpa-recommender"
+    app.kubernetes.io/instance: {{ $.Release.Name | quote }}
+    app.kubernetes.io/version: {{ $.Chart.AppVersion | quote }}
+    app.kubernetes.io/managed-by: {{ $.Release.Service | quote }}
+    helm.sh/chart: "{{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_"}}"
+    meta.helm.sh/release-name: {{ $.Release.Name | quote }}
+    meta.helm.sh/release-namespace: {{ $.Release.Namespace | quote }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rhacs-vpa-recommender
+  labels:
+    app.kubernetes.io/name: "rhacs-vpa-recommender"
+    app.kubernetes.io/instance: {{ $.Release.Name | quote }}
+    app.kubernetes.io/version: {{ $.Chart.AppVersion | quote }}
+    app.kubernetes.io/managed-by: {{ $.Release.Service | quote }}
+    helm.sh/chart: "{{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_"}}"
+    meta.helm.sh/release-name: {{ $.Release.Name | quote }}
+    meta.helm.sh/release-namespace: {{ $.Release.Namespace | quote }}
+rules:
+  - apiGroups: ["autoscaling.k8s.io"]
+    resources: ["verticalpodautoscalers"]
+    verbs: ["get", "list", "watch", "patch"]
+
+  - apiGroups: ["autoscaling.k8s.io"]
+    resources: ["verticalpodautoscalercheckpoints"]
+    verbs: ["get", "list", "watch", "patch", "create"]
+
+  - apiGroups: ["apps.openshift.io"]
+    resources: ["scale", "deploymentconfigs"]
+    verbs: ["get", "list", "watch"]
+
+  - apiGroups: ["apps"]
+    resources: ["statefulsets", "replicasets", "deployments", "daemonsets"]
+    verbs: ["get", "list", "watch"]
+
+  - apiGroups: ["*"]
+    resources: ["scale"]
+    verbs: ["get", "watch"]
+
+  - apiGroups: [""]
+    resources: ["replicationcontrollers", "pods", "nodes", "limitranges"]
+    verbs: ["get", "list", "watch"]
+
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get", "list"]
+
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create"]
+
+  - apiGroups: ["metrics.k8s.io"]
+    resources: ["pods"]
+    verbs: ["get", "list"]
+
+  - apiGroups: ["batch"]
+    resources: ["jobs", "cronjobs"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rhacs-vpa-recommender
+  labels:
+    app.kubernetes.io/name: "rhacs-vpa-recommender"
+    app.kubernetes.io/instance: {{ $.Release.Name | quote }}
+    app.kubernetes.io/version: {{ $.Chart.AppVersion | quote }}
+    app.kubernetes.io/managed-by: {{ $.Release.Service | quote }}
+    helm.sh/chart: "{{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_"}}"
+    meta.helm.sh/release-name: {{ $.Release.Name | quote }}
+    meta.helm.sh/release-namespace: {{ $.Release.Namespace | quote }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rhacs-vpa-recommender
+subjects:
+  - kind: ServiceAccount
+    name: rhacs-vpa-recommender
+    namespace: {{ .Release.Namespace }}

fleetshard/pkg/central/charts/data/rhacs-vertical-pod-autoscaling/values.yaml

@@ -0,0 +1 @@
+recommenders: []