AEP-8818: InPlace Update Mode

[omerap12]

What type of PR is this?

/kind documentation

What this PR does / why we need it:

AEP for #8720

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

NONE

[k8s-ci-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: omerap12
Once this PR has been reviewed and has the lgtm label, please assign gjtempleton for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• vertical-pod-autoscaler/enhancements/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[omerap12]

/cc @adrianmoisey @maxcao13

[omerap12]

/kind api-review

[k8s-ci-robot]

@omerap12: The label(s) kind/api-review cannot be applied, because the repository doesn't have them.

In response to this:

/kind api-review

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[omerap12]

/label kind/api-review

[k8s-ci-robot]

@omerap12: The label(s) /label kind/api-review cannot be applied. These labels are supported: api-review, tide/merge-method-merge, tide/merge-method-rebase, tide/merge-method-squash, team/katacoda, refactor, ci-short, ci-extended, ci-full. Is this label configured under labels -> additional_labels or labels -> restricted_labels in plugin.yaml?

In response to this:

/label kind/api-review

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[omerap12]

/label api-review

[iamzili]

/lgtm

@omerap12 If you have a draft PR that makes sense to review, then let me know Omer.

[k8s-ci-robot]

@iamzili: changing LGTM is restricted to collaborators

In response to this:

/lgtm

@omerap12 If you have a draft PR that makes sense to review, then let me know Omer.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[maxcao13]

I'll take a look at this next week @omerap12 sorry for the delay 🥲

[adrianmoisey]

Minor nit, are these supposed to be indented the same level?

[omerap12]

No sure, I'll try to fmt soon

[adrianmoisey]

Suggested change

	- `PodResizePending` (reason: `Deferred`) - Kubelet will retry automatically, , VPA continues to defer.
	- `PodResizePending` (reason: `Deferred`) - Kubelet will retry automatically, VPA continues to defer.

[adrianmoisey]

Just want to check: it won't evict and it won't in-place update?

Also, what does the admission-controller do when the feature gate is disabled but a pod is set to InPlace?

[omerap12]

The admission controller will deny the the request ref

[omerap12]

Just want to check: it won't evict and it won't in-place update?

That’s what I assumed, because if someone wants to use in-place mode only, it likely means the workload can’t be evicted. In that case, I think the correct action is to do nothing.

[adrianmoisey]

Well, what if someone does this:

1. Upgrades to this version of VPA and enables the feature gate
2. Uses the InPlace mode on a VPA
3. Disables the feature gate
4. Deletes a Pod from the VPA pointing at InPlace

Does the admission-controller:

1. Set the resources as per the recommendation (as if the VPA was in "Initial" mode)
2. Ignore the pod (as if the VPA was in "Off" mode)
3. Something else..

[omerap12]

TBH I didn't test it. but it should be 1

[omerap12]

Just checked, we set the resources as per the recommendation.

[adrianmoisey]

Cool, that's worth clarifying here

[adrianmoisey]

Suggested change

	- Change the behavior of existing update modes (Auto, Recreate, InPlaceOrRecreate)
	- Change the behavior of existing update modes (Off, Recreate, InPlaceOrRecreate)

Not sure if adding Auto makes sense, since it's deprecated? I'll let you decide.

[maxcao13]

Should we have a backoff policy for retrying, or do we think linear retry is sufficient if we keep failing?

[maxcao13]

Do we think we should have some small note that this update mode is subject to the behavior of the inplacepodverticalscaling gate, such that it's possible (but improbable) that a resize can cause an OOMkill during a memory limit downsize?

Though I don't actually know the probability of this happening if a limit gets resized close to the usage, I think it may be useful to callout since we emphasize that brief disruptions are unnacceptable.

I think to mitigate risk here we may want to recommend that if you absolutely cannot tolerate disruption (i.e. unintended OOMkill), then you can either:

1. disallow memory limits for your no disruption container
2. if you must allow VPA to set memory limits, then you should configure the VPA to generate more generous/conservative memory limit recommendations as a safety buffer.

^ Though this may or may not be better for our docs, instead of getting into it in the AEP here.

Thoughts? cc @adrianmoisey

[adrianmoisey]

I think you're right.
I was thinking a similar though on the "Provide a truly non-disruptive VPA update mode that never evicts pods" goal.

I think it may be worth softening the language in the AEP (since we can't make guarantees that resizes are non-disruptive)

I also agree that most of what you suggested may be good for the docs

[maxcao13]

Related: #8805