Belajar Kubernetes - Episode 31 - Pengenalan dan Penjelasan Vertical Pod Autoscaler
Di episode ini kita akan coba bahas Kubernetes Vertical Pod Autoscaler (VPA) untuk automatic resource sizing. Kita akan mempelajari bagaimana VPA work, cara install dan configure, update mode, dan best practice untuk right-sizing Pod resource automatically.
#Pendahuluan
Catatan
Untuk kalian yang ingin membaca episode sebelumnya, bisa click thumbnail episode 30 di bawah ini
Episode 30Di episode sebelumnya kita sudah belajar tentang Horizontal Pod Autoscaler (HPA) yang scale number Pod. Selanjutnya di episode 31 kali ini, kita akan coba bahas Vertical Pod Autoscaler (VPA), yang automatically adjust CPU dan memory request dan limit untuk container based on actual usage.
Catatan: Disini saya akan menggunakan Kubernetes Cluster yang di install melalui K3s.
Sementara HPA scale horizontally (more Pod), VPA scale vertically (bigger Pod). Setting right resource request challenging - terlalu rendah cause OOMKill dan throttling, terlalu tinggi waste resource. VPA solve ini dengan continuously analyzing usage dan recommending atau applying optimal resource value.
#Apa Itu Vertical Pod Autoscaler?
Vertical Pod Autoscaler (VPA) automatically adjust CPU dan memory request dan limit untuk container based on historical dan current resource usage.
Bayangkan VPA seperti tailor - dia measure actual size kalian (resource usage) dan adjust clothes kalian (resource request/limit) untuk fit perfectly. Instead of guessing size, VPA gunakan real data untuk right-size Pod kalian.
Karakteristik kunci VPA:
- Automatic right-sizing - Adjust resource request/limit
- Historical analysis - Gunakan past usage pattern
- Recommendation mode - Suggest value tanpa applying
- Auto mode - Apply change automatically
- Initial mode - Set resource di Pod creation only
- Prevent waste - Reduce over-provisioning
- Prevent failure - Avoid under-provisioning
- Work dengan Deployment - Compatible dengan standard workload
#VPA vs HPA
Memahami key difference:
| Aspek | VPA | HPA |
|---|---|---|
| Scaling Direction | Vertical (resource size) | Horizontal (replica count) |
| What Change | CPU/Memory request/limit | Number Pod |
| Require Restart | Yes (di Auto/Recreate mode) | No |
| Use Case | Right-size resource | Handle traffic spike |
| Metric | Historical usage | Current metric |
| Response Time | Slower (require restart) | Faster (add Pod) |
| Best For | Stateful workload | Stateless workload |
Bisa gunakan together:
- VPA: Right-size individual Pod
- HPA: Scale number Pod
- Combine untuk optimal resource utilization
Warning
Peringatan: Jangan gunakan VPA dan HPA pada same CPU/memory metric simultaneously - mereka bisa conflict. Gunakan HPA untuk CPU/memory, VPA untuk resource lain, atau HPA untuk scaling dan VPA di recommendation mode.
#Kenapa Gunakan VPA?
VPA solve critical resource management challenge:
- Eliminate guesswork - No need to estimate resource need
- Optimize cost - Reduce over-provisioning waste
- Prevent failure - Avoid OOMKill dari under-provisioning
- Adapt to change - Adjust as application behavior evolve
- Save time - No manual resource tuning
- Improve efficiency - Better cluster utilization
- Handle variability - Adapt ke workload change
- Data-driven decision - Based on actual usage
Tanpa VPA, kalian either waste resource (over-provision) atau risk failure (under-provision), dan harus manually adjust as application change.
#Bagaimana VPA Bekerja
#VPA Component
VPA consist of tiga component:
1. Recommender:
- Monitor resource usage
- Analyze historical data
- Calculate recommended value
- Update VPA object dengan recommendation
2. Updater:
- Check jika Pod need update
- Evict Pod yang need resource change
- Respect Pod Disruption Budget
- Trigger Pod recreation
3. Admission Controller:
- Intercept Pod creation
- Apply VPA recommendation
- Set resource request/limit
- Work as mutating webhook
#VPA Control Loop
- Monitor - Recommender watch Pod metric
- Analyze - Calculate optimal resource value
- Recommend - Update VPA object dengan recommendation
- Decide - Updater check jika change needed
- Evict - Updater evict Pod (jika Auto mode)
- Apply - Admission Controller set new value on recreation
#Instalasi VPA
VPA tidak installed by default. Mari kita install.
#Prerequisite
- Kubernetes cluster (1.11+)
- Metrics Server installed
- kubectl access
#Installation Step
Clone VPA repository:
git clone https://github.com/kubernetes/autoscaler.git
cd autoscaler/vertical-pod-autoscalerInstall VPA:
./hack/vpa-up.shIni install:
- VPA CRD (CustomResourceDefinition)
- VPA Recommender
- VPA Updater
- VPA Admission Controller
Verify installation:
kubectl get pods -n kube-system | grep vpaOutput:
vpa-admission-controller-xxx 1/1 Running 0 1m
vpa-recommender-xxx 1/1 Running 0 1m
vpa-updater-xxx 1/1 Running 0 1mCheck VPA CRD:
kubectl get crd | grep verticalpodautoscalerOutput:
verticalpodautoscalercheckpoints.autoscaling.k8s.io
verticalpodautoscalers.autoscaling.k8s.io#VPA Update Mode
VPA support different update mode:
#Off Mode (Recommendation Only)
VPA calculate recommendation tapi tidak apply:
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: my-app-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: my-app
updatePolicy:
updateMode: "Off"Use case:
- Testing VPA recommendation
- Manual review sebelum applying
- Learning resource pattern
- Generating report
#Initial Mode
VPA set resource hanya ketika Pod created, never update running Pod:
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: my-app-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: my-app
updatePolicy:
updateMode: "Initial"Use case:
- Set initial resource untuk new Pod
- Avoid disrupting running Pod
- Gradual rollout VPA
#Recreate Mode (Default)
VPA evict dan recreate Pod dengan new resource value:
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: my-app-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: my-app
updatePolicy:
updateMode: "Recreate"Behavior:
- Evict Pod ketika resource need adjustment
- Deployment controller recreate Pod
- Admission Controller apply new value
- Cause brief downtime per Pod
Use case:
- Automatic resource optimization
- Stateless application
- Ketika brief disruption acceptable
#Auto Mode
VPA automatically update Pod (currently same as Recreate):
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: my-app-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: my-app
updatePolicy:
updateMode: "Auto"Catatan
Auto mode currently behave seperti Recreate. In-place update (tanpa Pod restart) planned untuk future Kubernetes version.
#Membuat VPA
#Basic VPA Example
Create Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 2
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: app
image: nginx:1.25
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "200m"
memory: "256Mi"Create VPA:
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: my-app-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: my-app
updatePolicy:
updateMode: "Auto"Apply:
kubectl apply -f app-deployment.yml
kubectl apply -f app-vpa.yml#VPA dengan Resource Policy
Control resource mana yang VPA bisa modify:
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: my-app-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: my-app
updatePolicy:
updateMode: "Auto"
resourcePolicy:
containerPolicies:
- containerName: "app"
mode: "Auto"
minAllowed:
cpu: "50m"
memory: "64Mi"
maxAllowed:
cpu: "1000m"
memory: "1Gi"
controlledResources:
- cpu
- memoryResource Policy Option:
- mode: Auto, Off (per container)
- minAllowed: Minimum resource value
- maxAllowed: Maximum resource value
- controlledResources: Resource mana yang manage (cpu, memory)
#VPA untuk Specific Container
Target specific container di multi-container Pod:
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: my-app-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: my-app
updatePolicy:
updateMode: "Auto"
resourcePolicy:
containerPolicies:
# Main application container
- containerName: "app"
mode: "Auto"
minAllowed:
cpu: "100m"
memory: "128Mi"
maxAllowed:
cpu: "2000m"
memory: "2Gi"
# Sidecar container
- containerName: "sidecar"
mode: "Off" # Jangan modify sidecar#Melihat VPA Recommendation
#Get VPA Status
kubectl get vpaOutput:
NAME MODE CPU MEM PROVIDED AGE
my-app-vpa Auto 150m 256Mi True 5m#Describe VPA
kubectl describe vpa my-app-vpaOutput show recommendation:
Name: my-app-vpa
Namespace: default
API Version: autoscaling.k8s.io/v1
Kind: VerticalPodAutoscaler
Recommendation:
Container Recommendations:
Container Name: app
Lower Bound:
Cpu: 100m
Memory: 128Mi
Target:
Cpu: 150m
Memory: 256Mi
Uncapped Target:
Cpu: 150m
Memory: 256Mi
Upper Bound:
Cpu: 300m
Memory: 512MiRecommendation Field:
- Lower Bound: Minimum recommended (avoid OOMKill)
- Target: Recommended optimal value
- Uncapped Target: Recommendation tanpa policy limit
- Upper Bound: Maximum recommended (avoid waste)
#View VPA YAML
kubectl get vpa my-app-vpa -o yaml#Contoh Praktis
#Contoh 1: Web Application dengan VPA
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
spec:
replicas: 3
selector:
matchLabels:
app: web
template:
metadata:
labels:
app: web
spec:
containers:
- name: nginx
image: nginx:1.25
ports:
- containerPort: 80
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "512Mi"
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: web-app-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: web-app
updatePolicy:
updateMode: "Auto"
resourcePolicy:
containerPolicies:
- containerName: "nginx"
minAllowed:
cpu: "50m"
memory: "64Mi"
maxAllowed:
cpu: "1000m"
memory: "1Gi"#Contoh 2: Database dengan VPA (Recommendation Only)
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgres
spec:
serviceName: postgres
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: postgres:15
resources:
requests:
cpu: "500m"
memory: "512Mi"
limits:
cpu: "2000m"
memory: "2Gi"
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: postgres-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: StatefulSet
name: postgres
updatePolicy:
updateMode: "Off" # Recommendation only untuk database#Contoh 3: Microservice dengan Multiple Container
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-service
spec:
replicas: 3
selector:
matchLabels:
app: api
template:
metadata:
labels:
app: api
spec:
containers:
- name: api
image: myapi:latest
resources:
requests:
cpu: "200m"
memory: "256Mi"
- name: log-agent
image: fluent/fluentd:v1.16
resources:
requests:
cpu: "50m"
memory: "64Mi"
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: api-service-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: api-service
updatePolicy:
updateMode: "Auto"
resourcePolicy:
containerPolicies:
- containerName: "api"
mode: "Auto"
minAllowed:
cpu: "100m"
memory: "128Mi"
maxAllowed:
cpu: "2000m"
memory: "2Gi"
- containerName: "log-agent"
mode: "Auto"
minAllowed:
cpu: "25m"
memory: "32Mi"
maxAllowed:
cpu: "200m"
memory: "256Mi"#Contoh 4: VPA dengan Initial Mode
apiVersion: apps/v1
kind: Deployment
metadata:
name: worker
spec:
replicas: 5
selector:
matchLabels:
app: worker
template:
metadata:
labels:
app: worker
spec:
containers:
- name: worker
image: myworker:latest
resources:
requests:
cpu: "100m"
memory: "128Mi"
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: worker-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: worker
updatePolicy:
updateMode: "Initial" # Hanya set di Pod creation#Testing VPA
#Deploy Application
kubectl apply -f app-deployment.yml
kubectl apply -f app-vpa.yml#Generate Load
Create load untuk trigger resource usage:
kubectl run -it --rm load-generator --image=busybox:1.36 --restart=Never -- /bin/sh
# Generate CPU load
while true; do :; done#Watch VPA Recommendation
kubectl get vpa my-app-vpa --watch#Check Pod Resource
Sebelum VPA:
kubectl get pod <pod-name> -o yaml | grep -A 5 resourcesSetelah VPA update (di Auto mode):
# VPA akan evict dan recreate Pod
kubectl get pods -w
# Check new resource value
kubectl get pod <new-pod-name> -o yaml | grep -A 5 resources#VPA Limitation
#Current Limitation
1. Require Pod Restart:
- VPA tidak bisa update resource in-place
- Pod harus evicted dan recreated
- Cause brief downtime
2. Not untuk Horizontal Scaling:
- VPA adjust resource size, bukan replica count
- Gunakan HPA untuk scaling replica
3. Conflict dengan HPA:
- Jangan gunakan both pada same CPU/memory metric
- Bisa cause scaling conflict
4. No Downscaling Protection:
- VPA bisa reduce resource aggressively
- Mungkin cause issue jika recommendation terlalu rendah
5. Limited History:
- Recommendation based on recent history
- Mungkin tidak capture long-term pattern
6. Experimental Status:
- VPA masih beta/experimental
- Not recommended untuk critical production workload tanpa testing
#Kesalahan Umum dan Pitfall
#Kesalahan 1: Menggunakan VPA dan HPA Together pada Same Metric
Problem: VPA dan HPA conflict ketika both target CPU/memory.
# Bad: Both VPA dan HPA pada CPU
# VPA adjust CPU request
# HPA scale based on CPU utilization
# Mereka fight each otherSolusi: Gunakan different metric atau mode:
# Option 1: VPA di Off mode (recommendation only)
updatePolicy:
updateMode: "Off"
# Option 2: HPA pada CPU, VPA pada memory only
resourcePolicy:
containerPolicies:
- containerName: "app"
controlledResources:
- memory # VPA hanya manage memory#Kesalahan 2: No Min/Max Limit
Problem: VPA bisa set extreme value.
Solusi: Selalu set boundary:
resourcePolicy:
containerPolicies:
- containerName: "app"
minAllowed:
cpu: "50m"
memory: "64Mi"
maxAllowed:
cpu: "2000m"
memory: "4Gi"#Kesalahan 3: Menggunakan Auto Mode pada Stateful Workload
Problem: Pod eviction cause data loss atau downtime.
Solusi: Gunakan Off atau Initial mode untuk stateful app:
# Untuk database, gunakan Off mode
updatePolicy:
updateMode: "Off"#Kesalahan 4: No Initial Resource
Problem: VPA need baseline untuk start from.
Solusi: Selalu set initial request:
resources:
requests:
cpu: "100m" # Set reasonable initial value
memory: "128Mi"#Kesalahan 5: Ignore Recommendation
Problem: Running VPA di Off mode tapi never checking recommendation.
Solusi: Regularly review dan apply recommendation:
kubectl describe vpa my-app-vpa
# Review Target recommendation
# Update Deployment manually jika needed#Best Practice
#Start dengan Off Mode
Test VPA sebelum enable Auto mode:
# Phase 1: Observe recommendation
updatePolicy:
updateMode: "Off"
# Phase 2: Setelah validation, enable Auto
updatePolicy:
updateMode: "Auto"#Set Appropriate Boundary
Define min/max based on workload:
resourcePolicy:
containerPolicies:
- containerName: "app"
minAllowed:
cpu: "100m" # Minimum untuk functionality
memory: "128Mi"
maxAllowed:
cpu: "2000m" # Maximum untuk cost control
memory: "2Gi"#Gunakan Initial Mode untuk Gradual Rollout
Avoid disrupting running Pod:
updatePolicy:
updateMode: "Initial" # Hanya affect new Pod#Monitor VPA Decision
Track VPA behavior:
# Watch VPA recommendation
kubectl get vpa --watch
# Check VPA event
kubectl describe vpa my-app-vpa
# Monitor Pod eviction
kubectl get events --sort-by='.lastTimestamp'#Combine dengan Pod Disruption Budget
Protect availability during update:
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: my-app-pdb
spec:
minAvailable: 2
selector:
matchLabels:
app: my-app#Gunakan untuk Right-Sizing, Bukan Scaling
VPA untuk resource optimization, bukan traffic handling:
- VPA: Right-size individual Pod
- HPA: Scale untuk traffic
- Cluster Autoscaler: Add node
#Document VPA Configuration
Add annotation explaining choice:
metadata:
annotations:
vpa.note: "Auto mode dengan 100m-2000m CPU range based on load testing"#Troubleshooting VPA
#VPA Not Providing Recommendation
kubectl describe vpa my-app-vpa
# Status show: No recommendation availableCause:
- VPA component not running
- Insufficient metric data
- Target workload not found
Solusi:
# Check VPA component
kubectl get pods -n kube-system | grep vpa
# Check target exist
kubectl get deployment my-app
# Wait untuk metric collection (5-10 menit)#VPA Not Updating Pod
# Pod tidak being evicted despite recommendationCause:
- UpdateMode adalah Off atau Initial
- Pod Disruption Budget blocking eviction
- Recommendation within current value
Solusi:
# Check update mode
kubectl get vpa my-app-vpa -o yaml | grep updateMode
# Check PDB
kubectl get pdb
# Check jika recommendation differ dari current
kubectl describe vpa my-app-vpa#Pod Constantly Restarting
# VPA keep evicting PodCause:
- Recommendation oscillating
- Min/max limit terlalu narrow
- Workload highly variable
Solusi:
# Widen min/max range
maxAllowed:
cpu: "4000m" # Increase dari 2000m
memory: "4Gi" # Increase dari 2Gi
# Atau switch ke Off mode
updatePolicy:
updateMode: "Off"#VPA Recommendation Terlalu Tinggi/Rendah
kubectl describe vpa my-app-vpa
# Target: 4000m CPU (seem terlalu tinggi)Solusi:
# Set maxAllowed untuk cap recommendation
resourcePolicy:
containerPolicies:
- containerName: "app"
maxAllowed:
cpu: "2000m"
memory: "2Gi"#Uninstall VPA
cd autoscaler/vertical-pod-autoscaler
./hack/vpa-down.shIni remove:
- VPA Deployment
- VPA CRD
- VPA configuration
#Melihat Detail VPA
#Get VPA
kubectl get vpa
kubectl get vpa -o wide
kubectl get vpa --all-namespaces#Describe VPA
kubectl describe vpa my-app-vpa#View VPA YAML
kubectl get vpa my-app-vpa -o yaml#Check VPA Component
kubectl get pods -n kube-system | grep vpa
kubectl logs -n kube-system <vpa-recommender-pod>#Menghapus VPA
kubectl delete vpa my-app-vpaPod continue running dengan current resource value.
#Penutup
Pada episode 31 ini, kita telah membahas Vertical Pod Autoscaler (VPA) di Kubernetes secara mendalam. Kita sudah belajar bagaimana VPA automatically right-size Pod resource based on actual usage, different update mode, dan best practice untuk production use.
Key takeaway:
- VPA automatically adjust CPU dan memory request/limit
- Analyze historical usage untuk recommend optimal value
- Empat update mode: Off, Initial, Recreate, Auto
- Off mode: Recommendation only (no change)
- Initial mode: Set resource di Pod creation only
- Recreate/Auto mode: Evict dan recreate Pod dengan new value
- Require VPA installation (not default di Kubernetes)
- Resource policy define min/max boundary
- Jangan combine VPA dan HPA pada same metric
- VPA require Pod restart untuk apply change
- Gunakan Off mode untuk testing dan stateful workload
- Set min/max limit untuk prevent extreme value
- Pod Disruption Budget protect availability
- VPA adalah beta/experimental - test thoroughly
- Best untuk right-sizing, bukan traffic scaling
Vertical Pod Autoscaler essential untuk optimizing resource utilization di Kubernetes. Dengan memahami VPA configuration dan limitation, kalian bisa automatically right-size Pod, reduce waste, dan prevent resource-related failure tanpa manual tuning.
Bagaimana, makin jelas kan tentang Vertical Pod Autoscaler di Kubernetes? Jadi, pastikan tetap semangat belajar dan nantikan episode selanjutnya!
Catatan
Untuk kalian yang ingin melanjutkan ke episode selanjutnya, bisa click thumbnail episode 32 di bawah ini
Episode 32