Merge branch 'update-autoscaler' into 'master'

[#14786] Update cluster-autoscaler chart

See merge request kubernetes/k8id!1037

argocd-helm-charts/cluster-autoscaler/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: cluster-autoscaler
   repository: https://kubernetes.github.io/autoscaler
-  version: 9.23.0
-digest: sha256:fa7f4ed08b3760a092925a6f2331815d1c077ffa4008b1c647803c23d199e265
-generated: "2023-02-03T05:05:12.789843478Z"
+  version: 9.29.3
+digest: sha256:697a1032e0023d622e30794e8482b9027764b5654f89e76792d2a129f9a61168
+generated: "2023-10-09T13:43:51.250355135+05:30"

argocd-helm-charts/cluster-autoscaler/Chart.yaml

@@ -3,6 +3,6 @@ name: cluster-autoscaler
 version: 1.21.1
 dependencies:
   - name: cluster-autoscaler
-    version: 9.23.0
+    version: 9.29.3
     repository: https://kubernetes.github.io/autoscaler
     #repository: "oci://ghcr.io/Obmondo"

argocd-helm-charts/cluster-autoscaler/charts/cluster-autoscaler/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.23.0
+appVersion: 1.27.2
 description: Scales Kubernetes worker nodes within autoscaling groups.
 home: https://github.com/kubernetes/autoscaler
 icon: https://github.com/kubernetes/kubernetes/raw/master/logo/logo.png
@@ -10,4 +10,4 @@ name: cluster-autoscaler
 sources:
 - https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler
 type: application
-version: 9.23.0
+version: 9.29.3

argocd-helm-charts/cluster-autoscaler/charts/cluster-autoscaler/README.md

@@ -2,20 +2,20 @@
 
 Scales Kubernetes worker nodes within autoscaling groups.
 
-## TL;DR:
+## TL;DR
 
 ```console
 $ helm repo add autoscaler https://kubernetes.github.io/autoscaler
 
 # Method 1 - Using Autodiscovery
 $ helm install my-release autoscaler/cluster-autoscaler \
---set 'autoDiscovery.clusterName'=<CLUSTER NAME>
+    --set 'autoDiscovery.clusterName'=<CLUSTER NAME>
 
 # Method 2 - Specifying groups manually
 $ helm install my-release autoscaler/cluster-autoscaler \
---set "autoscalingGroups[0].name=your-asg-name" \
---set "autoscalingGroups[0].maxSize=10" \
---set "autoscalingGroups[0].minSize=1"
+    --set "autoscalingGroups[0].name=your-asg-name" \
+    --set "autoscalingGroups[0].maxSize=10" \
+    --set "autoscalingGroups[0].minSize=1"
 ```
 
 ## Introduction
@@ -68,10 +68,10 @@ Either:
 
 To create a valid configuration, follow instructions for your cloud provider:
 
-* [AWS](#aws---using-auto-discovery-of-tagged-instance-groups)
-* [GCE](#gce)
-* [Azure AKS](#azure-aks)
-* [OpenStack Magnum](#openstack-magnum)
+- [AWS](#aws---using-auto-discovery-of-tagged-instance-groups)
+- [GCE](#gce)
+- [Azure AKS](#azure-aks)
+- [OpenStack Magnum](#openstack-magnum)
 
 ### AWS - Using auto-discovery of tagged instance groups
 
@@ -84,13 +84,19 @@ Auto-discovery finds ASGs tags as below and automatically manages them based on
 - Set (option) `awsAccessKeyID=<YOUR AWS KEY ID>` and `awsSecretAccessKey=<YOUR AWS SECRET KEY>` if you want to [use AWS credentials directly instead of an instance role](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#using-aws-credentials)
 
 ```console
-$ helm install my-release autoscaler/cluster-autoscaler --set autoDiscovery.clusterName=<CLUSTER NAME> --set awsRegion=<YOUR AWS REGION>
+$ helm install my-release autoscaler/cluster-autoscaler \
+    --set autoDiscovery.clusterName=<CLUSTER NAME> \
+    --set awsRegion=<YOUR AWS REGION>
 ```
 
 Alternatively with your own AWS credentials
 
 ```console
-$ helm install my-release autoscaler/cluster-autoscaler --set autoDiscovery.clusterName=<CLUSTER NAME> --set awsRegion=<YOUR AWS REGION> --set awsAccessKeyID=<YOUR AWS KEY ID> --set awsSecretAccessKey=<YOUR AWS SECRET KEY>
+$ helm install my-release autoscaler/cluster-autoscaler \
+    --set autoDiscovery.clusterName=<CLUSTER NAME> \
+    --set awsRegion=<YOUR AWS REGION> \
+    --set awsAccessKeyID=<YOUR AWS KEY ID> \
+    --set awsSecretAccessKey=<YOUR AWS SECRET KEY>
 ```
 
 #### Specifying groups manually
@@ -102,15 +108,14 @@ Without autodiscovery, specify an array of elements each containing ASG name, mi
 
 ```console
 $ helm install my-release autoscaler/cluster-autoscaler \
---set "autoscalingGroups[0].name=your-asg-name" \
---set "autoscalingGroups[0].maxSize=10" \
---set "autoscalingGroups[0].minSize=1"
+    --set "autoscalingGroups[0].name=your-asg-name" \
+    --set "autoscalingGroups[0].maxSize=10" \
+    --set "autoscalingGroups[0].minSize=1"
 ```
 
 #### Auto-discovery
 
-For auto-discovery of instances to work, they must be tagged with the keys in `.Values.autoDiscovery.tags`, which by default are
-`k8s.io/cluster-autoscaler/enabled` and `k8s.io/cluster-autoscaler/<ClusterName>`
+For auto-discovery of instances to work, they must be tagged with the keys in `.Values.autoDiscovery.tags`, which by default are `k8s.io/cluster-autoscaler/enabled` and `k8s.io/cluster-autoscaler/<ClusterName>`.
 
 The value of the tag does not matter, only the key.
 
@@ -147,7 +152,7 @@ spec:
 
 In this example you would need to `--set autoDiscovery.clusterName=my.cluster.internal` when installing.
 
-It is not recommended to try to mix this with setting `autoscalingGroups`
+It is not recommended to try to mix this with setting `autoscalingGroups`.
 
 See [autoscaler AWS documentation](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#auto-discovery-setup) for a more discussion of the setup.
 
@@ -163,9 +168,9 @@ To use Managed Instance Group (MIG) auto-discovery, provide a YAML file setting
 
 ```console
 $ helm install my-release autoscaler/cluster-autoscaler \
---set "autoscalingGroupsnamePrefix[0].name=your-ig-prefix,autoscalingGroupsnamePrefix[0].maxSize=10,autoscalingGroupsnamePrefi[0].minSize=1" \
---set autoDiscovery.clusterName=<CLUSTER NAME> \
---set cloudProvider=gce
+    --set "autoscalingGroupsnamePrefix[0].name=your-ig-prefix,autoscalingGroupsnamePrefix[0].maxSize=10,autoscalingGroupsnamePrefi[0].minSize=1" \
+    --set autoDiscovery.clusterName=<CLUSTER NAME> \
+    --set cloudProvider=gce
 ```
 
 Note that `your-ig-prefix` should be a _prefix_ matching one or more MIGs, and _not_ the full name of the MIG. For example, to match multiple instance groups - `k8s-node-group-a-standard`, `k8s-node-group-b-gpu`, you would use a prefix of `k8s-node-group-`.
@@ -174,7 +179,7 @@ In the event you want to explicitly specify MIGs instead of using auto-discovery
 
 ```
 # where 'n' is the index, starting at 0
--- set autoscalingGroups[n].name=https://content.googleapis.com/compute/v1/projects/$PROJECTID/zones/$ZONENAME/instanceGroupManagers/$FULL-MIG-NAME,autoscalingGroups[n].maxSize=$MAXSIZE,autoscalingGroups[n].minSize=$MINSIZE
+--set autoscalingGroups[n].name=https://content.googleapis.com/compute/v1/projects/$PROJECTID/zones/$ZONENAME/instanceGroupManagers/$FULL-MIG-NAME,autoscalingGroups[n].maxSize=$MAXSIZE,autoscalingGroups[n].minSize=$MINSIZE
 ```
 
 ### Azure AKS
@@ -199,28 +204,31 @@ The following parameters are required:
 - `magnumClusterName=<cluster name or ID>` and `autoscalingGroups` with the names of node groups and min/max node counts
 - or `autoDiscovery.clusterName=<cluster name or ID>` with one or more `autoDiscovery.roles`.
 
-Additionally, `cloudConfigPath: "/etc/kubernetes/cloud-config"` must be set as this should be the location
-of the cloud-config file on the host.
+Additionally, `cloudConfigPath: "/etc/kubernetes/cloud-config"` must be set as this should be the location of the cloud-config file on the host.
 
 Example values files can be found [here](../../cluster-autoscaler/cloudprovider/magnum/examples).
 
 Install the chart with
 
-```
+```console
 $ helm install my-release autoscaler/cluster-autoscaler -f myvalues.yaml
 ```
+
 ### Cluster-API
 
 `cloudProvider: clusterapi` must be set, and then one or more of
+
 - `autoDiscovery.clusterName`
 - or `autoDiscovery.labels`
-See [here](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md#configuring-node-group-auto-discovery) for more details
+
+See [here](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md#configuring-node-group-auto-discovery) for more details.
 
 Additional config parameters available, see the `values.yaml` for more details
-`clusterAPIMode`
-`clusterAPIKubeconfigSecret`
-`clusterAPIWorkloadKubeconfigPath`
-`clusterAPICloudConfigPath`
+
+- `clusterAPIMode`
+- `clusterAPIKubeconfigSecret`
+- `clusterAPIWorkloadKubeconfigPath`
+- `clusterAPICloudConfigPath`
 
 ## Uninstalling the Chart
 
@@ -253,7 +261,9 @@ Once you have the IAM role configured, you would then need to `--set rbac.servic
 ### Azure - Using azure workload identity
 
 You can use the project [Azure workload identity](https://github.com/Azure/azure-workload-identity), to automatically configure the correct setup for your pods to used federated identity with Azure.
+
 You can also set the correct settings yourself instead of relying on this project.
+
 For example the following configuration will configure the Autoscaler to use your federated identity:
 
 ```yaml
@@ -280,8 +290,7 @@ extraVolumeMounts:
 
 ## Troubleshooting
 
-The chart will succeed even if the container arguments are incorrect. A few minutes after starting
-`kubectl logs -l "app=aws-cluster-autoscaler" --tail=50` should loop through something like
+The chart will succeed even if the container arguments are incorrect. A few minutes after starting `kubectl logs -l "app=aws-cluster-autoscaler" --tail=50` should loop through something like
 
 ```
 polling_autoscaler.go:111] Poll finished
@@ -309,6 +318,24 @@ Containers:
 
 Though enough for the majority of installations, the default PodSecurityPolicy _could_ be too restrictive depending on the specifics of your release. Please make sure to check that the template fits with any customizations made or disable it by setting `rbac.pspEnabled` to `false`.
 
+### VerticalPodAutoscaler
+
+The CA Helm Chart can install a [`VerticalPodAutoscaler`](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) object from Chart version `9.27.0`
+onwards for the Cluster Autoscaler Deployment to scale the CA as appropriate, but for that, we
+need to install the VPA to the cluster separately. A VPA can help minimize wasted resources
+when usage spikes periodically or remediate containers that are being OOMKilled.
+
+The following example snippet can be used to install VPA that allows scaling down from the default recommendations of the deployment template:
+
+```yaml
+vpa:
+  enabled: true
+  containerPolicy:
+    minAllowed:
+      cpu: 20m
+      memory: 50Mi
+```
+
 ## Values
 
 | Key | Type | Default | Description |
@@ -355,10 +382,11 @@ Though enough for the majority of installations, the default PodSecurityPolicy _
 | extraVolumeSecrets | object | `{}` | Additional volumes to mount from Secrets. |
 | extraVolumes | list | `[]` | Additional volumes. |
 | fullnameOverride | string | `""` | String to fully override `cluster-autoscaler.fullname` template. |
+| hostNetwork | bool | `false` | Whether to expose network interfaces of the host machine to pods. |
 | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
 | image.pullSecrets | list | `[]` | Image pull secrets |
-| image.repository | string | `"k8s.gcr.io/autoscaling/cluster-autoscaler"` | Image repository |
-| image.tag | string | `"v1.23.0"` | Image tag |
+| image.repository | string | `"registry.k8s.io/autoscaling/cluster-autoscaler"` | Image repository |
+| image.tag | string | `"v1.27.2"` | Image tag |
 | kubeTargetVersionOverride | string | `""` | Allow overriding the `.Capabilities.KubeVersion.GitVersion` check. Useful for `helm template` commands. |
 | magnumCABundlePath | string | `"/etc/kubernetes/ca-bundle.crt"` | Path to the host's CA bundle, from `ca-file` in the cloud-config file. |
 | magnumClusterName | string | `""` | Cluster name or ID in Magnum. Required if `cloudProvider=magnum` and not setting `autoDiscovery.clusterName`. |
@@ -383,6 +411,7 @@ Though enough for the majority of installations, the default PodSecurityPolicy _
 | rbac.serviceAccount.name | string | `""` | The name of the ServiceAccount to use. If not set and create is `true`, a name is generated using the fullname template. |
 | replicaCount | int | `1` | Desired number of pods |
 | resources | object | `{}` | Pod resource requests and limits. |
+| secretKeyRefNameOverride | string | `""` | Overrides the name of the Secret to use when loading the secretKeyRef for AWS and Azure env variables |
 | securityContext | object | `{}` | [Security context for pod](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
 | service.annotations | object | `{}` | Annotations to add to service |
 | service.create | bool | `true` | If `true`, a Service will be created. |
@@ -403,3 +432,7 @@ Though enough for the majority of installations, the default PodSecurityPolicy _
 | tolerations | list | `[]` | List of node taints to tolerate (requires Kubernetes >= 1.6). |
 | topologySpreadConstraints | list | `[]` | You can use topology spread constraints to control how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains. (requires Kubernetes >= 1.19). |
 | updateStrategy | object | `{}` | [Deployment update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) |
+| vpa | object | `{"containerPolicy":{},"enabled":false,"updateMode":"Auto"}` | Configure a VerticalPodAutoscaler for the cluster-autoscaler Deployment. |
+| vpa.containerPolicy | object | `{}` | [ContainerResourcePolicy](https://github.com/kubernetes/autoscaler/blob/vertical-pod-autoscaler/v0.13.0/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1/types.go#L159). The containerName is always et to the deployment's container name. This value is required if VPA is enabled. |
+| vpa.enabled | bool | `false` | If true, creates a VerticalPodAutoscaler. |
+| vpa.updateMode | string | `"Auto"` | [UpdateMode](https://github.com/kubernetes/autoscaler/blob/vertical-pod-autoscaler/v0.13.0/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1/types.go#L124) |