VPA: Implement in-place updates support

[maxcao13]

What type of PR is this?

/kind feature
/kind api-change

What this PR does / why we need it:

This PR is an attempt to implement VPA in-place vertical scaling according to AEP-4016. It uses the VPA updater to actuate recommendations by sending resize patch requests to pods which allows in-place resize as enabled by the InPlacePodVerticalScaling feature flag in k8s 1.27.0 alpha and above (or by eventual graduation).

It includes some e2e tests currently according to the AEP, but I am sure we will probably need more.

This PR is a continuation of #6652 started by @jkyros with a cleaner git commit history.

Which issue(s) this PR fixes:

Fixes #4016

Special notes for your reviewer:

Notable general areas of concern:

• See this comment about the potential need for a third containerResize policy that currently does not exist in the k8s api.
• Needs more attention on how disruptive/disruption-free updates (should affect)/(are affected) by PodDisruptionBudgets.
• We just kind of hacked the in-place stuff into the eviction limiter, maybe it should have been its own thing, or maybe we need a "disruption limiter", but in-place and eviction needed to know about each other because they have the same "disruption limit"
• For now, there are many many TODOs literred throughout the code which need attention from reviewers/maintainers. A lot is because of design decisions I probably shouldn't make on my own. I resolved some of John's TODOs but he still has relevant comments that need to be addressed as well. I am using the TODOs as the "special notes for your reviewer" section, if people would like a comment somewhere which lays them all out nicely, I'm more than happy to make one.
• Requires a lot more unit testing, but if a lot of architecture is to change, I chose delay writing them until I get feedback.
• There's additional comments by John which can help aid review in the earlier commit descriptions.

Does this PR introduce a user-facing change?

In-place VPA scaling implemented, it can be enabled by setting `updateMode` on your VPA to `InPlaceOrRecreate` (Depends on `InPlaceVerticalPodScaling` feature gate being enabled or having graduated) 

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[AEP] https://github.com/kubernetes/autoscaler/tree/09954b6741cbb910971916c079f45f6e8878d192/vertical-pod-autoscaler/enhancements/4016-in-place-updates-support
Depends on: 
[KEP] https://github.com/kubernetes/enhancements/tree/25e53c93e4730146e4ae2f22d0599124d52d02e7/keps/sig-node/1287-in-place-update-pod-resources

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: maxcao13
Once this PR has been reviewed and has the lgtm label, please assign voelzmo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• vertical-pod-autoscaler/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @maxcao13. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-triage-robot]

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

[adrianmoisey]

/ok-to-test

[omerap12]

This is just my first review after going through all the changes. I will go over it multiple times, but these are my initial comments for now.

[omerap12]

I'm not a fan of embedding logic into annotations. So, +1 for making this change purely for cosmetic reasons.

[omerap12]

Can you explain this logic? why do we have singleGroupStats.inPlaceUpdating-1 and not just singleGroupStats.inPlaceUpdating? is it because that the pod is already in inPlaceUpdating phase? (because of this line: if IsInPlaceUpdating(pod) )

[maxcao13]

Yeah, I believe that's the case.

If we have 3 pods in a deployment, and eviction/disruption tolerance is 1 (we can only tolerate at most 1 pod is inPlaceResizing/evicting), then we need to check at least 2 pods are "alive".

Then if the pod we are currently checking if we canEvict is currently IsInPlaceUpdating, then we need to check if it's actually stuck in deferred or infeasible so that we can fallback to eviction. So that's what the
running - (evicted + (in-place-updating - 1)) > shouldBeAlive thing is doing. We have to ignore the current pod since it's the same pod we are potentially trying to evict (by subtracting it).

In this example it would be

shouldBeAlive 2 (configured - eviction/disruption tolerance)
running = 3 (replicas - pending pods)
evicted = 0
in-place-updating = 1 (singleGroupStats is initialized during NewPodsEvictionRestriction)

3 - (0 + (1 - 1)) > 2
3 > 2

so we would be able to fallback to eviction.

[omerap12]

Can you please explain what do we check here? I thought the purpose of this function is to sort pods based on priority

[maxcao13]

The purpose of the function is return the pods by sorted priority in a list of PrioritizedPods instead of regular apiv1.Pod. They do the same thing, but this one returns the list of the wrapped type. We need it because we elected to put the disruptionless check within the PrioritizedPod struct which may or may not be a scope problem as John pointed out:

// TODO(jkyros): scope issues, maybe not the best place to put Disruptionless
func (p PrioritizedPod) IsDisruptionless() bool {
	return p.priority.Disruptionless
}

EDIT: If people are fine with including the disruptionless check in the PrioritizedPod struct, then I can remove the old GetSortedPods function (because I think it's not used anymore except in tests). If not, I will need to find a better way to check if a pod should be disruptionless (maybe another level of wrapping or something).

[omerap12]

So, just to confirm my understanding - first, we sort the pods by PodPriority. Then, for each pod, we check whether it can be evicted based on the given recommendation. If it can be evicted, we add it to the result slice; otherwise, we log a message indicating that the pod cannot be evicted.

I think it is more logical to first filter the pods and then sort the list afterwards. but because this line:

type byPriorityDesc []PrioritizedPod

and the fact that we are returning

[]*PrioritizedPod

It might be an issue.

[maxcao13]

I can do switch it around and loop through them to create a slice of pointers. That will probably be a bit better for complexity.

But regardless, I think I need to refactor this area of code a bit more. Particularly, John wrote out a TODO that I believe should make the new updater steps a bit more clear and efficient:

// TODO(jkyros): I need to know the priority details here so I can use them to determine what we want to do to the pod
// previously it was just "evict" but now we have to make decisions, so we need to know

I am going to try and calculate the CanEvict and CanInPlaceUpdate checks before attempting them, so that we can know exactly what to try and what not to try for each pod. Commits after 2fa0144 will be on this.

[maxcao13]

Appreciate the review! I will respond to the other comments tomorrow, just wanted to get the easy stuff out of the way and less cluttered.

[omerap12]

Appreciate the review! I will respond to the other comments tomorrow, just wanted to get the easy stuff out of the way and less cluttered.

Sure, take your time

[omerap12]

Can we combine it to one? Maybe something like that:

klog.ErrorS("Failed to patch pod. no patches to apply", "pod", klog.KObj(podToUpdate))

[maxcao13]

I'm not sure if that would work, I still need to return an err. Maybe this is better? WDYT?

err := fmt.Errorf("no resource patches were calculated to apply")
klog.ErrorS(err, "Failed to patch pod", "pod", klog.KObj(podToUpdate))
return err

[omerap12]

Why do we need to log the error inside the function if the function is already returning an error that gets logged here:

autoscaler/vertical-pod-autoscaler/pkg/updater/logic/updater.go

Line 469 in 53d4006

klog.ErrorS(evictErr, "updating pod failed", "pod", klog.KObj(pod))

maybe those logs are redundant?

[maxcao13]

Yeah, you're probably right. I'll just remove the log here, thanks!

EDIT: And remove the logs in other places in the function when they are also getting returned,

[maxcao13]

This is an important note/question. It may just be me being confused about the AEP details, but AFAIK there is no way for a user to guarantee that a resize request will be disruptonless. We can only guarantee that a resize will be disruptful (by configuring container resize restart policy). So how can we dictate the resizing type based on the conditions in the AEP? e.g. in the AEP it states

InPlaceOnly and InPlaceOrRecreate will attempt to apply a disruption-free update in place if it meets at least one of the following conditions:

• Quick OOM,
  * Outside recommended range,
  * Significant change.

InPlaceOnly and InPlaceOrRecreate will attempt to apply updates that are not disruption-free in place under the same conditions that apply to updates in the Recreate mode.

Since the conditions are different, how can we actually make sure the first set of actions will actually be disruption free? I think this problem requires the need for a third resizePolicy MustNotRestart as mentioned in the AEP. But that does not exist right now. That will also help this test actually make sense.