feat(chart): VPA Updater leaderElection

Signed-off-by: phuhung273 <[email protected]>

Author: phuhung273

vertical-pod-autoscaler/charts/vertical-pod-autoscaler/README.md

@@ -97,9 +97,15 @@ The Vertical Pod Autoscaler (VPA) automatically adjusts the CPU and memory resou
 | updater.image.pullPolicy | string | `"IfNotPresent"` |  |
 | updater.image.repository | string | `"registry.k8s.io/autoscaling/vpa-updater"` |  |
 | updater.image.tag | string | `nil` |  |
+| updater.leaderElection.enabled | string | `nil` |  |
+| updater.leaderElection.leaseDuration | string | `"15s"` |  |
+| updater.leaderElection.renewDeadline | string | `"10s"` |  |
+| updater.leaderElection.resourceName | string | `"vpa-updater-lease"` |  |
+| updater.leaderElection.resourceNamespace | string | `""` |  |
+| updater.leaderElection.retryPeriod | string | `"2s"` |  |
 | updater.podAnnotations | object | `{}` |  |
 | updater.podLabels | object | `{}` |  |
-| updater.replicas | int | `1` |  |
+| updater.replicas | int | `2` |  |
 | updater.serviceAccount.annotations | object | `{}` |  |
 | updater.serviceAccount.create | bool | `true` |  |
 | updater.serviceAccount.labels | object | `{}` |  |

vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater-deployment.yaml

@@ -40,6 +40,22 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
+          args:
+          - --v=4
+          - --stderrthreshold=info
+          {{- /* Smart auto-enable: if enabled is null, auto-enable when replicas > 1 */ -}}
+          {{- $leaderElectionEnabled := .Values.updater.leaderElection.enabled }}
+          {{- if eq $leaderElectionEnabled nil }}
+            {{- $leaderElectionEnabled = gt (int .Values.updater.replicas) 1 }}
+          {{- end }}
+          {{- if $leaderElectionEnabled }}
+          - --leader-elect=true
+          - --leader-elect-resource-namespace={{ .Values.updater.leaderElection.resourceNamespace | default .Release.Namespace }}
+          - --leader-elect-resource-name={{ .Values.updater.leaderElection.resourceName }}
+          - --leader-elect-lease-duration={{ .Values.updater.leaderElection.leaseDuration }}
+          - --leader-elect-renew-deadline={{ .Values.updater.leaderElection.renewDeadline }}
+          - --leader-elect-retry-period={{ .Values.updater.leaderElection.retryPeriod }}
+          {{- end }}
           ports:
             - name: prometheus
               containerPort: 8943

vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater-role.yaml

@@ -1,18 +1,17 @@
-{{- if and (.Values.updater.enabled) .Values.updater.serviceAccount.create -}}
+{{- if and .Values.updater.enabled .Values.rbac.create -}}
+{{- /* Smart auto-enable: if enabled is null, auto-enable when replicas > 1 */ -}}
+{{- $leaderElectionEnabled := .Values.updater.leaderElection.enabled }}
+{{- if eq $leaderElectionEnabled nil }}
+  {{- $leaderElectionEnabled = gt (int .Values.updater.replicas) 1 }}
+{{- end }}
+{{- if $leaderElectionEnabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ include "vertical-pod-autoscaler.updater.fullname" . }}-leader-locking
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "vertical-pod-autoscaler.updater.labels" . | nindent 4 }}
-  {{- with .Values.updater.serviceAccount.labels }}
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{- with .Values.updater.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 rules:
   - apiGroups:
       - "coordination.k8s.io"
@@ -24,10 +23,12 @@ rules:
       - "coordination.k8s.io"
     resourceNames:
       - vpa-updater
+      - {{ .Values.updater.leaderElection.resourceName }}
     resources:
       - leases
     verbs:
       - get
       - watch
       - update
 {{- end -}}
+{{- end -}}

vertical-pod-autoscaler/charts/vertical-pod-autoscaler/templates/updater-rolebinding.yaml

@@ -1,4 +1,10 @@
-{{- if and (.Values.updater.enabled) .Values.rbac.create -}}
+{{- if and .Values.updater.enabled .Values.rbac.create -}}
+{{- /* Smart auto-enable: if enabled is null, auto-enable when replicas > 1 */ -}}
+{{- $leaderElectionEnabled := .Values.updater.leaderElection.enabled }}
+{{- if eq $leaderElectionEnabled nil }}
+  {{- $leaderElectionEnabled = gt (int .Values.updater.replicas) 1 }}
+{{- end }}
+{{- if $leaderElectionEnabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@@ -13,3 +19,4 @@ subjects:
     name: {{ include "vertical-pod-autoscaler.updater.fullname" . }}
     namespace: {{ .Release.Namespace }}
 {{- end -}}
+{{- end -}}

vertical-pod-autoscaler/charts/vertical-pod-autoscaler/values.yaml

@@ -191,7 +191,7 @@ updater:
     pullPolicy: IfNotPresent
 
   # Number of Updater replicas to create.
-  replicas: 1
+  replicas: 2
 
   # Labels to add to the Updater pod.
   podLabels: {}
@@ -205,3 +205,19 @@ updater:
     labels: {}
     # Annotations to add to the Updater service account.
     annotations: {}
+  
+  # Leader election configuration for the Updater.
+  # When running multiple replicas, leader election ensures only one instance is actively processing.
+  leaderElection:
+    # Enable leader election. If not set (null), automatically enabled when replicas > 1
+    enabled:
+    # Namespace for the lease resource. Defaults to Release.Namespace if not set.
+    resourceNamespace: ""
+    # Name of the lease resource.
+    resourceName: vpa-updater-lease
+    # Duration that non-leader candidates will wait after observing a leadership renewal.
+    leaseDuration: 15s
+    # Interval between attempts by the acting master to renew a leadership slot.
+    renewDeadline: 10s
+    # Duration the clients should wait between attempting acquisition and renewal of a leadership.
+    retryPeriod: 2s