Add rate limiter to the Vertical Pod autoscaler updater component

[guillaumebreton]

This patch adds a rate limiter to the vertical pod autoscaler updater.
It adds two flags

• eviction-rate-limit to control the number of pods that can be evicted
  every seconds.
• eviction-rate-limit-burst to control the burst of that can be evicted
  immediately.

fixes #2178

[k8s-ci-robot]

Welcome @guillaumebreton!

It looks like this is your first PR to kubernetes/autoscaler 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/autoscaler has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[bskiba]

@guillaumebreton thanks! This looks ok, I have some minor comments but first I wanted to clarify that this is what we want.
@milesbxf does global setting like this solve your issues is there need for more fine grained control (for example ability to set this per-deployment)?

[bandesz]

Wait always asks for one token, so it doesn't make much sense to set the burst rate to anything else than 1. If I'm correct then we should remove the eviction-rate-limit-burst parameter.

Sorry, the golang.org/x/time/rate documentation is not really clear. Looking at the code burst is also the maximum number of tokens you can accrue over time. This is important as VPA couldn't suddenly evict lots of pods after not evicting anything for a long time.

[bandesz]

Without knowing the autoscaler well I'm a little bit worried if Wait will block here for long time (e.g. minutes). The state of the cluster might change significantly during that time.

[bandesz]

An idea for solving the Wait()/blocking problem:

1. Let's collect all pods to be evicted in a list
2. Randomize the list (to give all pods a fair chance to be evicted in a RunOnce run)
3. Go through the list and evict a pod if u.evictionRateLimiter.Allow() returns true.
4. If u.evictionRateLimiter.Allow() returns false then return from the RunOnce function. Any remaining pods to be evicted will be retried in the next RunOnce run

[guillaumebreton]

Thanks for your input 🙂

I'm not really sure why the Wait is an issue here :

• A context with timeout it passed to the Wait function so the Wait will be cancelled if the delay is larger than the tick interval.
• As far as I understand it. The state of the cluster is updated by the recommender, and the admission controller applies it. The updater is only responsible for eviction here, and when the pod restarts, the last value of the VPA are applied by the admission controller.

In your proposed solution, we would hit the rate limiter quickly and exit. So we would "waste" n seconds of the ticker loop doing nothing. Running on fresher data is an excellent idea, but the only option I see would be to refresh the pod list between every Wait, which doesn't seem ideal to me.

[bskiba]

The default tick for the updater is 1 minute, so as @guillaumebreton writes, the Wait will be canceled after that time at most (unless someone uses a custom tick). So we can basically look at info that is stale up to 1 minute, which is also true if updater has a lot of work to do. I'm inclined to agree this solution is acceptable.

As to randomizing the list of pods to evict - the updater has a priority mechanism to select which pods to evict first based on multiple factors (including how far away they are from their recommended resources). Shuffling the list wouldn't play well with that.

[milesbxf]

@guillaumebreton thanks! This looks ok, I have some minor comments but first I wanted to clarify that this is what we want.
@milesbxf does global setting like this solve your issues is there need for more fine grained control (for example ability to set this per-deployment)?

Yes, it does! 🙌 FYI @guillaumebreton and I are on the same team, so we've spoken about this offline 🙂

[bskiba]

@milesbxf Thanks! In that case I'll get back to this early next week, appreciate your patience I am a bit short on time atm :)

[guillaumebreton]

@bskiba No worries 👍 Thank you for reviewing it.

[bskiba]

I haven't dived into the rate package docs, is this equivalent to having no rateLimiter at all? i.e. will the Wait() return immedately?

[bskiba]

Also, is the Burst completely ignored?

[guillaumebreton]

Indeed, if we set the rate limite to rate.Inf the burst rate is completely ignored, and Wait will return immediately.
-> Documentation about burst being ignored if rate equals to Rate.inf https://github.com/golang/time/blob/master/rate/rate.go#L37
-> Wait() returning immediately : https://github.com/golang/time/blob/master/rate/rate.go#L307

[bskiba]

From @bandesz's comment above, looks like this can be simplified.

[bskiba]

Thanks for your patience and apologies for the delay.

I've added some comments. My main concern is to make sure that the current behavior stays the same (i.e. if we are not using the rate limiter). Other comments are mostly nit's

[bskiba]

This looks good, only minor comments left. Can you address them and squash your commits into one.

Thanks for answering my questions and getting this done!

[guillaumebreton]

@bskiba What would be the next step with this PR ? Should I ask @jbartosik and @mwielgus for a review ?

[bskiba]

I'll review tomorrow, sorry for the wait!

[guillaumebreton]

@bskiba No worries :) Github was showing you already approved it so I wasn't sure

[bskiba]

can you also rename the flag to eviction-rate-burst?

[bskiba]

One last small comment (sorry, I missed this in the previous review :( )

[guillaumebreton]

@bskiba Thank you 👍 I missed it and I fixed it.

[bskiba]

Thanks!
/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bskiba

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• vertical-pod-autoscaler/OWNERS [bskiba]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment