From 4df8993a3191c7a9eb08e6324346eeb535c70222 Mon Sep 17 00:00:00 2001
From: umagnus <xinyuyuan@microsoft.com>
Date: Tue, 24 Sep 2024 08:31:16 +0000
Subject: [PATCH] add vpa to controller

---
 deploy/example/vpa/README.md                  | 154 ++++++++++++++++++
 deploy/example/vpa/install-vpa.sh             |  30 ++++
 deploy/example/vpa/uninstall-vpa.sh           |  29 ++++
 .../example/vpa/vertical-pod-autoscaler.yaml  |  16 ++
 hack/verify-yamllint.sh                       |   2 +-
 5 files changed, 230 insertions(+), 1 deletion(-)
 create mode 100644 deploy/example/vpa/README.md
 create mode 100755 deploy/example/vpa/install-vpa.sh
 create mode 100755 deploy/example/vpa/uninstall-vpa.sh
 create mode 100644 deploy/example/vpa/vertical-pod-autoscaler.yaml

diff --git a/deploy/example/vpa/README.md b/deploy/example/vpa/README.md
new file mode 100644
index 0000000000..5560a9b32d
--- /dev/null
+++ b/deploy/example/vpa/README.md
@@ -0,0 +1,154 @@
+# Vertical pod autoscaler to Azure disk CSI controller pods
+## Prerequisites: install vertical pod autoscaler
+You should install Vertical Pod Autoscaler first, please refer to the [vertical-pod-autoscaler](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md)
+
+In AKS, you should add label `admissions.enforcer/disabled: true` to admission controller webhooks to impact kube-system AKS namespaces, refer to [Can admission controller webhooks impact kube-system and internal AKS namespaces?](https://learn.microsoft.com/en-us/azure/aks/faq#can-admission-controller-webhooks-impact-kube-system-and-internal-aks-namespaces-), you can use --webhook-labels flag in vpa-admission-controller to set it, refer to [Running the admission-controller](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/docs/components.md#:~:text=You%20can%20specify%20a%20comma%20separated%20list%20to%20set%20webhook%20labels%20with%20%2D%2Dwebhook%2Dlabels%2C%20example%20format%3A%20key1%3Avalue1%2Ckey2%3Avalue2.)
+> edit vpa-admission-controller deployment
+```
+k edit deploy vpa-admission-controller -n kube-system
+```
+add `- --webhook-labels=admissions.enforcer/disabled:true` in containers args
+```
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: vpa-admission-controller
+    spec:
+      containers:
+      - args:
+        - --v=4
+        - --stderrthreshold=info
+        - --reload-cert
+        - --webhook-labels=admissions.enforcer/disabled:true # add webhook-labels flags
+```
+
+> check vpa-admission-controller pod running 
+```
+k get po -n kube-system | grep vpa-admission-controller
+vpa-admission-controller-7fcb5c6b86-s69p8              1/1     Running   0               13m
+```
+
+## Create a VPA corresponding to CSI controller deployment
+> create a VPA for CSI controller
+```console
+kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/azuredisk-csi-driver/master/deploy/example/vpa/vertical-pod-autoscaler.yaml
+```
+> check the VPA config and current recommended resource requests
+```
+kubectl get vpa -n kube-system
+NAME                       MODE   CPU   MEM        PROVIDED   AGE
+csi-azuredisk-controller   Auto   15m   43690666   True       8s
+
+kubectl describe vpa csi-azuredisk-controller -n kube-system
+Name:         csi-azuredisk-controller
+Namespace:    kube-system
+Labels:       <none>
+Annotations:  <none>
+API Version:  autoscaling.k8s.io/v1
+Kind:         VerticalPodAutoscaler
+Metadata:
+  Creation Timestamp:  2024-09-25T02:54:36Z
+  Generation:          1
+  Resource Version:    417864
+  UID:                 6c393ae3-2f17-4efe-974c-2f0d1f4c635a
+Spec:
+  Resource Policy:
+    Container Policies:
+      Container Name:  *
+      Max Allowed:
+        Cpu:     15m
+        Memory:  50Gi
+  Target Ref:
+    API Version:  apps/v1
+    Kind:         Deployment
+    Name:         csi-azuredisk-controller
+  Update Policy:
+    Update Mode:  Auto
+Status:
+  Conditions:
+    Last Transition Time:  2024-09-25T02:55:13Z
+    Status:                True
+    Type:                  RecommendationProvided
+  Recommendation:
+    Container Recommendations:
+      Container Name:  azuredisk
+      Lower Bound:
+        Cpu:     10m
+        Memory:  43690666
+      Target:
+        Cpu:     15m
+        Memory:  43690666
+      Uncapped Target:
+        Cpu:     23m
+        Memory:  43690666
+      Upper Bound:
+        Cpu:           15m
+        Memory:        55999064
+      Container Name:  csi-attacher
+      Lower Bound:
+        Cpu:     10m
+        Memory:  43690666
+      Target:
+        Cpu:     11m
+        Memory:  43690666
+      Uncapped Target:
+        Cpu:     11m
+        Memory:  43690666
+      Upper Bound:
+        Cpu:           15m
+        Memory:        86115636
+      Container Name:  csi-provisioner
+      Lower Bound:
+        Cpu:     10m
+        Memory:  43690666
+      Target:
+        Cpu:     11m
+        Memory:  43690666
+      Uncapped Target:
+        Cpu:     11m
+        Memory:  43690666
+      Upper Bound:
+        Cpu:           15m
+        Memory:        55999064
+      Container Name:  csi-resizer
+      Lower Bound:
+        Cpu:     10m
+        Memory:  43690666
+      Target:
+        Cpu:     11m
+        Memory:  43690666
+      Uncapped Target:
+        Cpu:     11m
+        Memory:  43690666
+      Upper Bound:
+        Cpu:           15m
+        Memory:        55999064
+      Container Name:  csi-snapshotter
+      Lower Bound:
+        Cpu:     10m
+        Memory:  43690666
+      Target:
+        Cpu:     11m
+        Memory:  43690666
+      Uncapped Target:
+        Cpu:     11m
+        Memory:  43690666
+      Upper Bound:
+        Cpu:           15m
+        Memory:        55999064
+      Container Name:  liveness-probe
+      Lower Bound:
+        Cpu:     10m
+        Memory:  43690666
+      Target:
+        Cpu:     11m
+        Memory:  43690666
+      Uncapped Target:
+        Cpu:     11m
+        Memory:  43690666
+      Upper Bound:
+        Cpu:     15m
+        Memory:  43690666
+Events:          <none>
+```
\ No newline at end of file
diff --git a/deploy/example/vpa/install-vpa.sh b/deploy/example/vpa/install-vpa.sh
new file mode 100755
index 0000000000..5c05ec5c57
--- /dev/null
+++ b/deploy/example/vpa/install-vpa.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Copyright 2020 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+set +o xtrace
+
+repo="https://github.com/kubernetes/autoscaler.git"
+echo "Installing VPA ..."
+git clone $repo
+cd autoscaler/vertical-pod-autoscaler
+./hack/vpa-up.sh
+./pkg/admission-controller/gencerts.sh
+cd ../..
+rm -rf autoscaler
+
+echo 'VPA installed successfully.'
diff --git a/deploy/example/vpa/uninstall-vpa.sh b/deploy/example/vpa/uninstall-vpa.sh
new file mode 100755
index 0000000000..1f169e6d14
--- /dev/null
+++ b/deploy/example/vpa/uninstall-vpa.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# Copyright 2020 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+set +o xtrace
+
+repo="https://github.com/kubernetes/autoscaler.git"
+echo "Uninstalling VPA ..."
+git clone $repo
+cd autoscaler/vertical-pod-autoscaler
+./hack/vpa-down.sh
+cd ../..
+rm -rf autoscaler
+
+echo 'VPA uninstalled successfully.'
diff --git a/deploy/example/vpa/vertical-pod-autoscaler.yaml b/deploy/example/vpa/vertical-pod-autoscaler.yaml
new file mode 100644
index 0000000000..11135d17c8
--- /dev/null
+++ b/deploy/example/vpa/vertical-pod-autoscaler.yaml
@@ -0,0 +1,16 @@
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+  name: csi-azuredisk-controller
+  namespace: kube-system
+spec:
+  targetRef:
+    apiVersion: "apps/v1"
+    kind: Deployment
+    name: csi-azuredisk-controller
+  resourcePolicy: 
+    containerPolicies:
+    - containerName: '*'
+      maxAllowed:
+        memory: 50Gi
+      controlledResources: ["memory"]
\ No newline at end of file
diff --git a/hack/verify-yamllint.sh b/hack/verify-yamllint.sh
index 96ca1107d7..6150d8dc16 100755
--- a/hack/verify-yamllint.sh
+++ b/hack/verify-yamllint.sh
@@ -29,7 +29,7 @@ if [[ "${deployDirNum}" != "${helmDirNum}" ]]; then
   exit 1
 fi
 
-for path in "deploy/*.yaml" "deploy/example/*.yaml" "deploy/example/metrics/*.yaml" "deploy/example/snapshot/*.yaml" "deploy/example/cloning/*.yaml" "deploy/example/rawblock/*.yaml" "deploy/example/windows/*.yaml" "deploy/example/sharedisk/*.yaml" "deploy/example/modifyvolume/*.yaml" "docs/known-issues/node-shutdown-recovery/*.yaml"
+for path in "deploy/*.yaml" "deploy/example/*.yaml" "deploy/example/metrics/*.yaml" "deploy/example/snapshot/*.yaml" "deploy/example/cloning/*.yaml" "deploy/example/rawblock/*.yaml" "deploy/example/windows/*.yaml" "deploy/example/sharedisk/*.yaml" "deploy/example/modifyvolume/*.yaml" "docs/known-issues/node-shutdown-recovery/*.yaml" "deploy/example/vpa/*.yaml"
 do
     echo "checking yamllint under path: $path ..."
     yamllint -f parsable $path | grep -v "line too long" > $LOG