Automating Vertical Pod Autoscaler installations

Today we will briefly describe how to automate the installation of Vertical Pod Autoscaler (VPA) for Kubernetes and avoid its manual steps.

To keep this post simple: in our case, we manage our infrastructure using ArgoCD together with multiple frameworks that make the platform very robust.

That is why custom or manual interactions in our clusters are not an acceptable approach: they do not scale, nor are they sustainable from an operations perspective.

 

The problem

When you look at the documentation for the installation process, you will notice that at a certain point you need to generate SSL certificates, which are used by the VPA admission hook.

The certificate generation is just a plain bash script which (the documentation says) has to be executed in the context of your target Kubernetes cluster.

As much as this could be OK during a PoC phase or viable for a single cluster, in enterprise environments consisting of multiple clusters it just does not scale.

One of the possible solutions

So, what is the way to solve this? Well, it's quite straightforward if you have cert-manager installed in your Kubernetes ecosystem.

I will not cover the details of installing and configuring cert-manager, but I will provide a snippet for the certificate, assuming you have a self-signing ClusterIssuer CA.

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: vpa-admission-webhook
  namespace: kube-system
spec:
  secretName: vpa-tls-certs
  dnsNames:
    - vpa-webhook.kube-system.svc
  issuerRef:
    name: root-issuer # comes from the cert-manager installation of our own CA
    kind: ClusterIssuer

With this you are almost done. The only change left is to modify the deployment args of the admission controller so that they point to the new certificate paths.

Below, we share the Kustomize patch that you can use to do that.

  - target:
      group: apps
      version: v1
      kind: Deployment
      name: vpa-admission-controller
    patch: |-
      - op: replace
        path: /spec/template/spec/containers/0/args
        value: ["--client-ca-file=/etc/tls-certs/ca.crt", "--tls-cert-file=/etc/tls-certs/tls.crt", "--tls-private-key=/etc/tls-certs/tls.key"]

After that, you will have a fully operational installation of Vertical Pod Autoscaler for your environments. 
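
A pre-deployment consistency check for the two manifests above, as an added example that is not part of the original post: it confirms that the Secret cert-manager issues is mounted, that each TLS flag points at the key cert-manager writes (ca.crt, tls.crt, tls.key), and that dnsNames covers the webhook Service. The function name, the dict form of the manifests, and the volume name and mount path in the sample are assumptions.

```python
import posixpath

# Keys cert-manager writes into the Secret named by spec.secretName.
EXPECTED = {"--client-ca-file": "ca.crt", "--tls-cert-file": "tls.crt",
            "--tls-private-key": "tls.key"}

def lint_vpa_tls(certificate, deployment, service="vpa-webhook"):
    """Return mismatches between the Certificate and the patched Deployment."""
    problems = []
    meta, spec = certificate["metadata"], certificate["spec"]
    pod = deployment["spec"]["template"]["spec"]
    container = pod["containers"][0]  # same index the page's patch path uses

    # 1. The Secret issued by cert-manager must be mounted into the container.
    vol = next((v["name"] for v in pod.get("volumes", [])
                if v.get("secret", {}).get("secretName") == spec["secretName"]), None)
    mount = next((m["mountPath"] for m in container.get("volumeMounts", [])
                  if m["name"] == vol), None)
    if mount is None:
        problems.append(f"secret {spec['secretName']} is not mounted")

    # 2. Each TLS flag must point at the matching key under that mount.
    args = dict(a.split("=", 1) for a in container.get("args", []) if "=" in a)
    for flag, key in (EXPECTED.items() if mount else ()):
        want = posixpath.join(mount, key)
        if args.get(flag) != want:
            problems.append(f"{flag}={args.get(flag)} (expected {want})")

    # 3. The API server dials <service>.<namespace>.svc, so the SAN must match.
    dns = f"{service}.{meta['namespace']}.svc"
    if dns not in spec.get("dnsNames", []):
        problems.append(f"dnsNames lacks {dns}")
    return problems

# Constructed sample: the page's Certificate and the Deployment after the
# page's patch. Volume name and mountPath are assumptions, not from the page.
CERT = {"metadata": {"name": "vpa-admission-webhook", "namespace": "kube-system"},
        "spec": {"secretName": "vpa-tls-certs",
                 "dnsNames": ["vpa-webhook.kube-system.svc"]}}
DEPLOY = {"spec": {"template": {"spec": {
    "volumes": [{"name": "tls-certs", "secret": {"secretName": "vpa-tls-certs"}}],
    "containers": [{
        "args": ["--client-ca-file=/etc/tls-certs/ca.crt",
                 "--tls-cert-file=/etc/tls-certs/tls.crt",
                 "--tls-private-key=/etc/tls-certs/tls.key"],
        "volumeMounts": [{"name": "tls-certs", "mountPath": "/etc/tls-certs"}]}]}}}}

if __name__ == "__main__":
    print(lint_vpa_tls(CERT, DEPLOY) or "ok")
```

An empty result means the three pieces agree; each string in a non-empty result names the flag, Secret or DNS name that would leave the admission webhook without a usable certificate.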
