VPA Installation on Kubernetes¶

The Vertical Pod Autoscaler (VPA) is a Kubernetes component that automatically adjusts the CPU and memory requests and limits for containers to optimize resource utilization.^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md] Because VPA is not enabled in the core Kubernetes API by default (unlike HPA), it requires manual installation via manifests or scripts from the official autoscaler repository.^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md]

Installation¶

VPA operates as a set of system components within the kube-system namespace^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md].

1. Download Source¶

To begin, clone the official Kubernetes autoscaler repository and navigate to the VPA directory^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md]:

git clone git@github.com:kubernetes/autoscaler.git
cd ./autoscaler/vertical-pod-autoscaler

2. Execute Installation Script¶

The repository provides a setup script, ./hack/vpa-up.sh, which handles the creation of necessary Custom Resource Definitions (CRDs), RBAC rules (ClusterRoles, ClusterRoleBindings), and Deployments^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md].

Run the script:

./hack/vpa-up.sh

3. Verify Deployment¶

Upon successful execution, three new deployments should be running in the kube-system namespace^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md]:

[kubectl get pods](<./kubectl-get-pods.md>) -n kube-system | grep vpa

Expected Components:

• vpa-recommender: Monitors resource utilization and computes recommended values.
• vpa-updater: Evicts Pods that need to be updated with new resource requests.
• vpa-admission-controller: Intercepts Pod creation requests via a Webhook to apply the recommended resource settings^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md].

You can also verify the installation by checking the API resources for the new CRDs^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md]:

[kubectl](<./kubectl.md>) api-resources | grep vpa

Troubleshooting¶

OpenSSL Version Errors¶

On macOS, the installation script may fail with an error message: unknown option -addext.^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md]

This occurs because the script relies on OpenSSL features not present in the default LibreSSL (an OpenSSL fork) included with macOS^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md].

Resolution:

1. Uninstall the failed VPA components using ./hack/vpa-down.sh^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md].
2. Install a compatible version of OpenSSL (e.g., LibreSSL via Homebrew):

   brew install libressl
   echo 'export PATH="/opt/homebrew/opt/libressl/bin:$PATH"' >> ~/.zshrc
   source ~/.zshrc
   

3. Re-run the installation script ./hack/vpa-up.sh^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md].

Configuration¶

Once installed, VPA behavior is configured using a VerticalPodAutoscaler custom resource^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md].

Update Modes:

• Off: VPA generates recommendations only; it does not automatically update Pods^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md].
• Initial: VPA applies recommendations only when a Pod is created (e.g., during Deployment scaling) and never updates existing Pods^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md].
• Auto: VPA automatically evicts Pods that need updating and recreates them with the recommended resource requests/limits^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md].
• Recreate: Similar to Auto, but ensures Pods are recreated on restart^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md].

Related Concepts¶

• Horizontal Pod Autoscaler
• Cluster Autoscaler
• Kubernetes

Sources¶

^[400-devops__06-Kubernetes__k8s-ithelp__Day27__README.md]